Privacy policy

1) Introduction and Contact Details of the Data Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about the handling of your personal data when using our website. Personal data refers to all data that can be used to personally identify you.

1.2 The data controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Berenika Petrasch, Berrytale, Donaustraße 10, 76199 Karlsruhe, Germany, Email: info@berrytale.de The data controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

When using our website purely for informational purposes, i.e., if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data, which are technically necessary for us to display the website:

  • The website visited
  • Date and time of access
  • Amount of data sent in bytes
  • Source/reference from which you reached the page
  • Browser used
  • Operating system used
  • IP address used (if applicable: anonymized)

The processing is carried out in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is not shared or used in any other way. However, we reserve the right to review the server log files retrospectively if specific indications of unlawful use arise.

3) Hosting & Content Delivery Network

Shopify

We use the system of the following provider for hosting our website and displaying its content:
Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify").

Data is also transferred to:
Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.

All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement with the provider to ensure the protection of our website visitors' data and to prohibit unauthorized data transfer to third parties.

For data transfers to Canada, an adequate level of data protection is ensured by a decision of the European Commission.

4) Cookies

To make your visit to our website more attractive and enable certain functions, we use cookies—small text files stored on your device. Some of these cookies are automatically deleted after the browser is closed ("session cookies"), while others remain on your device for a longer period and enable the saving of page settings ("persistent cookies"). You can view the storage duration in your browser's cookie settings.

If personal data is processed by individual cookies, the processing is carried out: in accordance with Art. 6 (1) lit. b GDPR for contract execution, in accordance with Art. 6 (1) lit. a GDPR based on your consent, or in accordance with Art. 6 (1) lit. f GDPR to safeguard our legitimate interest in the best possible functionality of the website and a user-friendly visit experience.

You can configure your browser to notify you about the setting of cookies and decide on their acceptance individually or exclude the acceptance of cookies for specific cases or in general.

Please note that the functionality of our website may be limited if cookies are not accepted.

5) Contacting Us

When you contact us (e.g., via a contact form or email), personal data is processed solely for the purpose of handling and responding to your request and only to the extent necessary for this purpose.

The legal basis for this data processing is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f GDPR. If your contact aims at the conclusion of a contract, Art. 6 (1) lit. b GDPR provides an additional legal basis. Your data will be deleted when it can be inferred from the circumstances that the matter has been fully resolved and no statutory retention obligations conflict with the deletion.

6) Data Processing When Opening a Customer Account

In accordance with Art. 6 (1) lit. b GDPR, personal data will be collected and processed to the extent necessary when you provide it to us during the creation of a customer account. The specific data required for account creation can be found in the input form on our website.

You can delete your customer account at any time by notifying the above-mentioned contact address of the data controller. Once your customer account is deleted, your data will also be deleted, provided that all contracts concluded through the account have been fully executed, there are no statutory retention obligations, and we have no legitimate interest in further data retention.

7) Use of Customer Data for Direct Advertising

7.1 Subscription to Our Email Newsletter

If you subscribe to our email newsletter, we will send you regular information about our offers. The only mandatory detail required for sending the newsletter is your email address. Providing further data is voluntary and is used to address you personally. We use the double opt-in procedure for sending newsletters, which ensures that you will only receive newsletters if you explicitly confirm your consent to receiving them by activating a verification link sent to the provided email address.

By activating the confirmation link, you consent to the use of your personal data in accordance with Article 6(1)(a) GDPR. In this process, we save your IP address entered by your Internet Service Provider (ISP) and the date and time of the subscription to trace potential misuse of your email address at a later date. The data collected during the newsletter subscription will be used strictly for its intended purpose.

You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a message to the responsible contact specified above. Upon unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use your data for purposes permitted by law, about which we inform you in this statement.

7.2 Shopify Email

Our email newsletters are sent via the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

Data is also transmitted to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

Based on our legitimate interest in effective and user-friendly newsletter marketing, we share the data you provided when subscribing to the newsletter in accordance with Article 6(1)(f) GDPR with this provider, so that they can handle the newsletter distribution on our behalf.

With your express consent in accordance with Article 6(1)(a) GDPR, the provider also conducts a statistical analysis of newsletter campaigns using web beacons or tracking pixels embedded in the emails. These measure open rates and specific interactions with the content of the newsletter. Additionally, device information (e.g., time of access, IP address, browser type, and operating system) is collected and analyzed but is not merged with other data sets.
You can revoke your consent to newsletter tracking at any time with effect for the future.

We have entered into a data processing agreement with the provider, which protects the data of our website visitors and prohibits its disclosure to third parties.

When data is transferred to Canada, an adequate level of data protection is ensured by a European Commission adequacy decision.

7.3 Cart Reminders via Email

If you abandon your purchase on our website before completing your order, you may receive a one-time reminder email regarding the contents of your virtual shopping cart.

The only mandatory detail required for sending this reminder is your email address. Providing further data is voluntary and may be used to address you personally. For sending the email, we use the double opt-in procedure, ensuring that you will only receive such notification after explicitly confirming your consent by activating a verification link sent to your provided email address.

By activating the confirmation link, you consent to the use of your personal data in accordance with Article 6(1)(a) GDPR for sending a cart reminder. In this process, we save your IP address entered by your Internet Service Provider (ISP) and the date and time of subscription to trace potential misuse of your email address at a later date. The data collected when subscribing to our email notification service is used strictly for its intended purpose.

You can unsubscribe from cart reminders at any time by sending a message to the responsible contact specified above. Upon unsubscribing, your email address will be immediately deleted from our mailing list for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use your data for purposes permitted by law, about which we inform you in this statement.

8) Data Processing for Order Fulfillment

8.1 To the extent necessary for contract execution for delivery and payment purposes, the personal data we collect is shared with the commissioned transportation company and the authorized credit institution in accordance with Article 6(1)(b) GDPR.

If we are obligated to provide updates for goods with digital elements or digital products based on a corresponding agreement, we process the contact data you provided during the order (name, address, email address) to notify you about upcoming updates personally via an appropriate communication method (e.g., postal or email) within the legally prescribed period, as part of our legal information obligations in accordance with Article 6(1)(c) GDPR. Your contact data is strictly used for notifications about updates we are obligated to provide and is processed only to the extent necessary for this purpose.

To fulfill your order, we also work with the following service providers, who wholly or partially support us in executing concluded contracts. Certain personal data is transferred to these service providers in accordance with the following information.

8.2 Post & DHL Shipping (official)

For preparing shipments, we use the services of the following provider: Deutsche Post DHL Research And Innovation GmbH, Kurt-Schumacher-Str. 1, 53113 Bonn.
In accordance with Article 6(1)(b) GDPR, we transfer digital shipping labels containing your delivery information exclusively for processing your online order from our order management system to the provider, who then forwards them to our local printers to enable printing. Data is shared only to the extent necessary for fulfillment.

8.3 Transfer of Personal Data to Shipping Service Providers

- DHL

We use the following provider as a shipping service: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany.

We share your email address and/or phone number with the provider in accordance with Article 6(1)(a) GDPR prior to the delivery of the goods for the purpose of coordinating a delivery date or providing delivery notifications, provided you have expressly consented to this during the order process. Otherwise, we only share the recipient's name and delivery address with the provider in accordance with Article 6(1)(b) GDPR for the purpose of delivery. This data transfer is limited to what is necessary for the delivery of the goods. In such cases, advance coordination of the delivery date or delivery notification with the provider is not possible.

The consent can be revoked at any time with effect for the future, either by contacting the controller mentioned above or directly with the provider.

8.4 Use of Payment Service Providers

- Apple Pay

If you choose the payment method “Apple Pay” provided by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing is carried out via the “Apple Pay” function on your iOS, watchOS, or macOS device by debiting a payment card stored in “Apple Pay.” Apple Pay uses security features integrated into your device's hardware and software to protect your transactions. Authorizing a payment requires entering a code you have previously set and verifying via the “Face ID” or “Touch ID” function on your device.

For payment processing, the information provided during the order process, along with details about your order, is transmitted to Apple in encrypted form. Apple re-encrypts this data with a developer-specific key before forwarding it to the payment service provider linked to the payment card stored in Apple Pay. This encryption ensures that only the website where the purchase was made can access the payment data. After the payment is completed, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the payment.

If personal data is processed during the described transfers, the processing is carried out exclusively for payment processing purposes in accordance with Article 6(1)(b) GDPR.

Apple stores anonymized transaction data, such as the approximate purchase amount, date, and time, and whether the transaction was successfully completed. This anonymization ensures complete exclusion of personal reference. Apple uses the anonymized data to improve “Apple Pay” and other Apple products and services.

When using Apple Pay on an iPhone or Apple Watch to complete a purchase made via Safari on a Mac, the Mac and the authorization device communicate through an encrypted channel on Apple servers. Apple does not process or store this information in a form that can identify you. You can disable the ability to use Apple Pay on your Mac in your iPhone settings under “Wallet & Apple Pay” by turning off “Allow Payments on Mac.”

Further information on data protection with Apple Pay can be found at: https://support.apple.com/de-de/HT203027

- Google Pay

If you select the payment method “Google Pay” provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), the payment processing is carried out via the “Google Pay” application on your Android device (version 4.4 or higher with NFC functionality) by debiting a payment card stored in Google Pay or another verified payment system (e.g., PayPal). For payments exceeding €25, prior unlocking of your device through a verification measure (e.g., facial recognition, password, fingerprint, or pattern) is required.

For payment processing, the information provided during the order process, along with details about your order, is transmitted to Google. Google then transmits your stored payment information in the form of a one-time transaction number to the originating website to verify the payment. This transaction number contains no real payment data but is created and transmitted as a one-time valid numerical token. Google solely acts as an intermediary for processing transactions, and the transaction itself is conducted solely between the user and the originating website by debiting the payment method stored in Google Pay.

If personal data is processed during the described transfers, the processing is carried out exclusively for payment processing purposes in accordance with Article 6(1)(b) GDPR.

Google reserves the right to collect, store, and evaluate certain transaction-specific information for every Google Pay transaction, including the date, time, amount, merchant location and description, description of purchased goods or services, photos attached to the transaction, the names and email addresses of the buyer and seller, the payment method used, and a description of the transaction’s purpose.

According to Google, this processing is carried out solely in accordance with Article 6(1)(f) GDPR based on its legitimate interest in proper accounting, verifying transaction data, and optimizing and maintaining the functionality of the Google Pay service.

Google also reserves the right to combine processed transaction data with other information collected during the use of Google services.

Google Pay’s terms of use can be found at:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de

Further privacy information on Google Pay is available at:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de


- Masterpayment

This website offers one or more online payment methods provided by Masterpayment LTD, 483 Green Lanes, London, N13 4BS, United Kingdom.

When selecting a payment method from this provider where you make advance payment (e.g., credit card), the payment data provided during the ordering process (including name, address, bank and card details, currency, and transaction number) and information about your order are transmitted to the provider in accordance with Article 6(1)(b) GDPR. This transmission is exclusively for payment processing purposes and only to the extent necessary.

For payment methods where the provider makes an advance payment (e.g., purchase on account or installment purchase), you will also be asked to provide certain personal data (e.g., full name, address, date of birth, email address, phone number, and possibly alternative payment information).

To protect our legitimate interest in assessing our customers’ creditworthiness, this data is forwarded to the provider for a credit check in accordance with Article 6(1)(f) GDPR. The provider uses the data provided, along with additional data (e.g., shopping cart, invoice amount, order history, payment experiences), to assess whether the payment option you selected can be granted based on payment and/or default risk.

As part of the creditworthiness check, identity and credit information from the following agencies may be included:

  • Creditreform Boniversum GmbH, Hammfelddamm 13, 41460 Neuss, Germany
  • CRIF GmbH, Friesenweg 4, Haus 12, 22763 Hamburg, Germany
  • SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany

Credit reports may include probability values (known as score values). Score values are based on a scientifically recognized mathematical-statistical procedure, which may include address data in their calculation.

You can object to this data processing at any time by notifying us or the provider. However, the provider may still be entitled to process your personal data if necessary for the contractual payment processing.

For transfers to the provider’s location, an appropriate level of data protection is ensured by an adequacy decision of the European Commission.


- Paypal

This website offers one or more online payment methods from the following provider: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

If you choose a payment method from the provider where you make an advance payment, your payment data (including name, address, bank and card details, currency, and transaction number) as well as information about the content of your order will be shared with them in accordance with Art. 6(1)(b) GDPR. The transfer of your data will only be made for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.

If you select a payment method where we make an advance payment, you will also be required to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, phone number, and, if applicable, data about an alternative payment method) during the order process.

In order to protect our legitimate interest in assessing your payment capability, we will forward this data to the provider for the purpose of a credit check in accordance with Art. 6(1)(f) GDPR. The provider will assess, based on the personal data you have provided and other data (such as shopping cart, invoice amount, order history, payment experience), whether the selected payment option can be granted in terms of payment and/or collection risk.

The credit report may contain probability values (so-called score values). If score values are included in the result of the credit check, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.

You can object to the processing of your data at any time by sending us a message or notifying the provider. However, the provider may still be entitled to process your personal data if necessary for the contractual payment processing.

- Paypal Checkout

This website uses PayPal Checkout, an online payment system from PayPal, which consists of PayPal's own payment methods and local payment methods from third-party providers.

When paying via PayPal, credit card via PayPal, direct debit via PayPal, or – if offered – "Pay Later" via PayPal, we transmit your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. The data transfer takes place in accordance with Art. 6(1)(b) GDPR and only to the extent necessary for payment processing.

For the payment methods credit card via PayPal, direct debit via PayPal, or – if offered – "Pay Later" via PayPal, PayPal reserves the right to conduct a credit check. For this purpose, your payment data may be transmitted to credit agencies in accordance with Art. 6(1)(f) GDPR, based on PayPal's legitimate interest in assessing your payment ability. The result of the credit check, in relation to the statistical probability of payment default, is used by PayPal to decide whether to provide the respective payment method. The credit report may contain probability values (so-called score values). If score values are included in the result of the credit check, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. You can object to the processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if necessary for contractual payment processing.

If the PayPal payment method "Invoice Purchase" is available and selected, your payment data will initially be transmitted to PayPal for payment preparation, after which PayPal forwards this information to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin ("Ratepay") to complete the payment. The legal basis is Art. 6(1)(b) GDPR. In this case, Ratepay will conduct an identity and credit check in its own name to assess the payment ability, in accordance with the principle mentioned above, and will transmit your payment data to credit agencies due to its legitimate interest in assessing your payment ability in accordance with Art. 6(1)(f) GDPR. A list of the credit agencies Ratepay may use can be found here: https://www.ratepay.com/legal-payment-creditagencies/

When using the payment method of a local third-party provider, your payment data will initially be transmitted to PayPal in accordance with Art. 6(1)(b) GDPR for payment preparation. Depending on your selection of an available local payment method, PayPal will then forward your payment data to the corresponding provider for payment processing in accordance with Art. 6(1)(b) GDPR:

  • Apple Pay (Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland)
  • Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland)
  • iDeal (Currence Holding BV, Beethovenstraat 300, Amsterdam, Netherlands)
  • Bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)
  • Blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
  • EPS (PSA Payment Services Austria GmbH, Handelskai 92, Gate 21200, Vienna, Austria)
  • MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)
  • Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)

For further data protection information, please refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

- Shopify Payments

On this website, one or more online payment methods from the following provider are available: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

If you choose a payment method from this provider where you pay in advance (e.g., credit card payment), your payment data (including name, address, bank and card information, currency, and transaction number) as well as information about the contents of your order will be transmitted to the provider in accordance with Art. 6(1)(b) GDPR. The sharing of your data will only take place for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

9) Tools and Miscellaneous

9.1 - Lexware Office

For the completion of accounting, we use the service of the cloud-based accounting software from the following provider: Haufe-Lexware GmbH & Co. KG, Munzinger Straße 9, 79111 Freiburg, Germany.
The provider processes incoming and outgoing invoices as well as possibly the bank transactions of our company in order to automatically capture invoices, match them to the transactions, and create financial accounting through a semi-automated process.
If personal data is also processed in this context, the processing is based on our legitimate interest in efficiently organizing and documenting our business transactions.

9.2 Cookie-Consent-Tool

This website uses a so-called "Cookie Consent Tool" to obtain valid user consent for cookies and cookie-based applications that require consent. The "Cookie Consent Tool" is displayed to users when they visit the page in the form of an interactive user interface, where consent for certain cookies and/or cookie-based applications can be granted by checking boxes. Through the use of this tool, all cookies/services that require consent are only loaded if the respective user gives their consent by checking the boxes. This ensures that such cookies are only set on the user's device if consent has been granted.
The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed in this context.
If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning, or logging cookie settings, this is done in accordance with Article 6, paragraph 1, letter f of the GDPR, based on our legitimate interest in lawful, user-specific, and user-friendly consent management for cookies, and thus in ensuring a legally compliant design of our website.
Another legal basis for processing is also Article 6, paragraph 1, letter c of the GDPR. As the controller, we are legally obligated to make the use of technically unnecessary cookies dependent on the user's consent.
Where necessary, we have concluded a data processing agreement with the provider that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.
For more information about the provider and the settings options of the Cookie Consent Tool, please refer to the corresponding user interface on our website.

10) Rights of the Data Subject

10.1 The applicable data protection law grants you the following rights regarding the processing of your personal data with respect to the data controller (rights to information and intervention), with reference to the specific legal basis for their exercise:

  • Right of access pursuant to Art. 15 GDPR;
  • Right to rectification pursuant to Art. 16 GDPR;
  • Right to erasure (right to be forgotten) pursuant to Art. 17 GDPR;
  • Right to restriction of processing pursuant to Art. 18 GDPR;
  • Right to notification pursuant to Art. 19 GDPR;
  • Right to data portability pursuant to Art. 20 GDPR;
  • Right to withdraw consent granted pursuant to Art. 7 (3) GDPR;
  • Right to lodge a complaint pursuant to Art. 77 GDPR.

10.2 CANCELLATION POLICY

WHEN WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR LEGITIMATE INTEREST IN THE CONTEXT OF A BALANCE OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP THE PROCESSING OF THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING MAY BE ALLOWED IF WE CAN DEMONSTRATE COMPELLING PROTECTIVE REASONS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING PURPOSES. YOU CAN EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP THE PROCESSING OF THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.

11) Duration of Storage of Personal Data

The duration of storage of personal data is determined based on the respective legal basis, the purpose of processing, and, if applicable, the relevant statutory retention periods (e.g., commercial and tax retention periods).

When personal data is processed based on explicit consent according to Art. 6 (1) lit. a GDPR, the data will be stored until you revoke your consent.

If there are statutory retention periods for data processed based on contractual or contract-like obligations under Art. 6 (1) lit. b GDPR, this data will be routinely deleted once the retention periods have expired, unless it is still necessary for the fulfillment of the contract or contract initiation and/or we still have a legitimate interest in retaining the data.

When personal data is processed under Art. 6 (1) lit. f GDPR, the data will be stored as long as you do not exercise your right to object under Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

When personal data is processed for direct marketing purposes under Art. 6 (1) lit. f GDPR, the data will be stored until you exercise your right to object under Art. 21 (2) GDPR.

Unless otherwise stated in the additional information provided in this statement regarding specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.