Privacy Policy

Unless otherwise stated below, the provision of your personal data is neither legally nor contractually required, nor necessary for the conclusion of a contract. You are not obliged to provide the data. Failure to provide the data has no consequences. This only applies insofar as no other information is provided for the subsequent processing operations.

“Personal data” means any information relating to an identified or identifiable natural person.

Server Log Files

You can visit our websites without providing any personal information.
Each time you access our website, usage data is transmitted to us or our web host / IT service provider by your internet browser and stored in log data (so-called server log files). This stored data includes, for example, the name of the page accessed, date and time of access, the IP address, the amount of data transferred, and the requesting provider.

Processing is carried out on the basis of Art. 6(1)(f) GDPR due to our overriding legitimate interest in ensuring the smooth operation of our website and improving our offering.

Your data may be transferred to and processed in third countries outside the EU, in particular Canada and the USA. For Canada, an adequacy decision by the EU Commission exists. For the USA, an adequacy decision by the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to the standard contractual clauses of the EU Commission.

Contact

Controller

You may contact us upon request. The controller responsible for data processing is:
Elia Mayr, Alter Lauffener Weg 19, 74336 Brackenheim, Germany, 015121966200, yama-shop@web.de

Customer’s Initiated Contact by Email

If you contact us by email on your own initiative for business purposes, we collect your personal data (name, email address, message text) only to the extent provided by you. Data processing serves the purpose of handling and responding to your inquiry.

If the contact serves the implementation of pre-contractual measures (e.g., advice in case of purchase interest, preparing an offer) or relates to a contract already concluded between you and us, this data processing is based on Art. 6(1)(b) GDPR.

If contact is made for other reasons, this data processing is based on Art. 6(1)(f) GDPR due to our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object at any time, for reasons arising from your particular situation, to processing of personal data concerning you based on Art. 6(1)(f) GDPR.

We use your email address only to process your inquiry. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

Customer Account / Orders

Customer Account

When opening a customer account, we collect your personal data to the extent specified there. Data processing serves the purpose of improving your shopping experience and simplifying order processing. Processing is based on Art. 6(1)(a) GDPR with your consent. You may revoke your consent at any time by notifying us, without affecting the lawfulness of processing carried out on the basis of the consent until revocation. Your customer account will then be deleted.

Collection, Processing and Disclosure of Personal Data for Orders

When placing an order, we collect and process your personal data only insofar as necessary to fulfill and process your order and to handle your inquiries. Providing the data is required for concluding the contract. Failure to provide it means no contract can be concluded. Processing is based on Art. 6(1)(b) GDPR and is necessary for the performance of a contract with you.

Your data may be shared, for example, with shipping companies, dropshipping or fulfillment providers, payment service providers, service providers for order processing, and IT service providers. In all cases, we strictly comply with legal requirements. The scope of data transfer is limited to a minimum.

Reviews / Advertising

Data Collection When Writing a Comment or Review

When commenting/reviewing an item or a post, we collect your personal data (name, email address, comment text) only to the extent provided by you. Processing serves the purpose of enabling and displaying comments/reviews.

By submitting the comment/review, you consent to the processing of the transmitted data. Processing is based on Art. 6(1)(a) GDPR with your consent. You may revoke your consent at any time by notifying us, without affecting the lawfulness of processing carried out on the basis of the consent until revocation. Your personal data will then be deleted.

When your comment/review is published, only the name you provided will be published.

Use of Judge.me

We use the review system “Judge.me” provided by Judge.me Ltd (c/o Buckworths 2nd Floor, 1-3 Worship Street, London, England, EC2A 2AB; “Judge.me”).

Judge.me enables us to collect customer reviews and display them on our website to provide you with an insight into the quality of our services. After an order, you may receive an invitation from us or Judge.me to submit a review and then leave a review. In this context, the following data may be processed by us or Judge.me: email address, name, phone number, address, information about your device (IP address, browser information and operating system), information about the purchased product or service used (order number, product details), the content of your review and your star rating, product photos or videos (if you attached them to your product review). This data may also be used to verify your review.

Judge.me uses technologies such as cookies.
Your data may be transferred outside the EU to the United Kingdom. For the UK, an adequacy decision by the EU Commission exists.
Your data may be transferred to the USA. For the USA, an adequacy decision by the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). Judge.me is not certified under the TADPF. This transfer is based on special contracts approved for use in the UK which provide the same protection as personal data has in the UK.

The use of cookies or comparable technologies takes place with your consent on the basis of § 25(1) sentence 1 TDDDG in conjunction with Art. 6(1)(a) GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6(1)(a) GDPR, provided that you have expressly consented to the transfer of your data and to receiving the review request. You may revoke your consent at any time without affecting the lawfulness of processing carried out on the basis of the consent until revocation.

Further information on data protection when using Judge.me can be found at: https://judge.me/privacy.

Use of the Trusted Shops Review System (Trustbadge)

We use the review system of Trusted Shops SE, Subbelrather Str. 15C, 50823 Cologne, Germany (“Trusted Shops”).

Trusted Shops and we are joint controllers for the collection of your data and the transfer of this data to Trusted Shops when using the service. The basis is an agreement between us and Trusted Shops on joint processing of personal data. Accordingly, both we and Trusted Shops are equally responsible for fulfilling obligations under the GDPR, in particular the information obligations under Art. 13, 14 GDPR and for granting data subject rights under Art. 15–21 GDPR. More information can be found at: https://help.etrusted.com/hc/de/article_attachments/4422901015569.

Trusted Shops enables us to collect customer reviews and display them on our website via the “Trustbadge” to provide you with an insight into the quality of our services. After an order, you may receive an invitation from us or Trusted Shops to submit a review and then leave a review. The following data is processed by us or Trusted Shops: email address, order information (order amount, order number, possibly purchased product). This data may also be used to verify your review.

When you access our website and the Trustbadge is displayed, the following data is also processed by us or Trusted Shops: your IP address, date and time of access, amount of data transferred and the requesting provider.

Processing is based on Art. 6(1)(a) GDPR with your consent, provided that you have expressly consented to the transfer of your data and to receiving the review request. You may revoke your consent at any time without affecting the lawfulness of processing carried out on the basis of the consent until revocation.

Further information on data protection at Trusted Shops can be found at: https://www.trustedshops.de/impressum-datenschutz/#datenschutz.

Review Reminder

After your order, we would like to ask you to review your purchase with us. For this purpose, we use your personal data (name, email address, order information) independently of contract processing to send you a review reminder by email after a purchase, provided that you have expressly consented.

Processing is based on Art. 6(1)(a) GDPR with your consent. You may revoke your consent at any time using the link in the email or by notifying us, without affecting the lawfulness of processing carried out on the basis of the consent until revocation.

Use of Email Address for Newsletters

We use your email address to send information and offers via newsletter, provided that you have expressly consented. Data processing serves exclusively the purpose of advertising communication. For this, we process your email address and any additional data you voluntarily provided during newsletter registration.

Processing is based on Art. 6(1)(a) GDPR with your consent. You may revoke your consent at any time without affecting the lawfulness of processing carried out on the basis of the consent until revocation.

You can unsubscribe at any time via the link in the newsletter or by notifying us. Your email address will then be removed from the distribution list. Despite removal, we may store your email address in a so-called blacklist to prevent you from receiving newsletter emails from us in the future. This storage is based on Art. 6(1)(f) GDPR due to our legitimate interest and your interest in preventing the renewed use of your email address for sending our newsletter. You have the right to object at any time, for reasons arising from your particular situation, to this processing of personal data concerning you.

Use of Email Address for Direct Advertising

We use your email address, which we received in connection with the sale of goods or services, to send electronic advertising for our own goods or services similar to those you have already purchased from us, as long as you have not objected to this use. Providing the email address is required for concluding the contract. Failure to provide it means no contract can be concluded. Processing is based on Art. 6(1)(f) GDPR due to our overriding legitimate interest in direct advertising.

You can object to this use of your email address at any time by notifying us. The contact details for exercising your objection can be found in the legal notice (Imprint). You can also use the link provided in the advertising email. No costs will arise other than the transmission costs according to the basic tariffs.

Use of Klaviyo

We use Klaviyo Inc. (125 Summer St Floor 7, Boston, MA 02111, USA; “Klaviyo”) for sending newsletters within the scope of data processing on our behalf.

We pass the information you provided during newsletter registration (email address, possibly first and last name) to Klaviyo. Data processing serves the purpose of sending newsletters and their statistical evaluation.

To evaluate newsletter campaigns, the newsletters contain a 1x1 pixel graphic (tracking pixel) or a tracking link. This allows us to determine whether you opened the newsletter and whether you clicked on integrated links. In this context, we collect personal data such as IP address, browser type and device, and time. From this data, usage profiles can be created under a pseudonym. The collected data is not used to personally identify you. It is used solely for statistical evaluation to improve newsletter campaigns.

Your data is generally transferred to and stored on Klaviyo servers in the USA. For the USA, an adequacy decision by the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). Klaviyo has certified under the TADPF and is therefore obliged to comply with European data protection principles.

Processing of your personal data is based on Art. 6(1)(f) GDPR due to our overriding legitimate interest in a targeted, effective and user-friendly newsletter system. You have the right to object at any time, for reasons arising from your particular situation, to processing of personal data concerning you.

Further information on Klaviyo’s data protection can be found at:
https://www.klaviyo.com/legal/privacy-notice and
https://www.klaviyo.com/legal/data-processing-agreement.

Shipping Service Providers

Disclosure of Email Address to Shipping Companies for Shipment Status Information

We provide your email address to the carrier within the scope of contract processing, provided that you have expressly consented during the ordering process. The disclosure serves the purpose of informing you about the shipping status by email.

Processing is based on Art. 6(1)(a) GDPR with your consent. You may revoke your consent at any time by notifying us or the carrier, without affecting the lawfulness of processing carried out on the basis of the consent until revocation.

Cookies

Our website uses cookies. Cookies are small text files stored on the user’s computer system by the internet browser. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that enables unique identification of the browser when the website is accessed again.

Cookies are stored on your computer. Therefore, you have full control over the use of cookies. By selecting the appropriate technical settings in your internet browser, you can be notified before cookies are set and decide on acceptance individually, and you can prevent the storage of cookies and the transmission of the data contained in them. Cookies already stored can be deleted at any time. However, we point out that you may then not be able to use all functions of this website to their full extent.

You can find information on how to manage cookies in the most common browsers (including disabling them) at the following links:
Chrome: https://support.google.com/accounts/answer/61416?hl=de
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Technically Necessary Cookies

Unless otherwise stated below in this privacy policy, we only use these technically necessary cookies for the purpose of making our offering more user-friendly, effective and secure. Cookies also enable our systems to recognize your browser even after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized again after a page change.

The use of cookies or comparable technologies takes place on the basis of § 25(2) TDDDG. Processing of your personal data is based on Art. 6(1)(f) GDPR due to our overriding legitimate interest in ensuring optimal website functionality and a user-friendly and effective design of our offering.

You have the right to object at any time, for reasons arising from your particular situation, to processing of personal data concerning you.

Use of the Shopify Consent Tool (Shopify Privacy & Compliance)

We use the consent tool “Shopify Privacy & Compliance” of Shopify International Ltd. (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; “Shopify”). Shopify is affiliated with Shopify Inc. (151 O’Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada).

The tool enables you to give consent to data processing via the website, especially the setting of cookies, and to exercise your right to withdraw consent already given. Data processing serves the purpose of obtaining and documenting the required consents for data processing and thus complying with legal obligations. Cookies may be used for this. User information, including your IP address, may be collected and transmitted to Shopify.

Data processing is carried out to fulfill a legal obligation on the basis of Art. 6(1)(c) GDPR.

Further information on Shopify’s data protection can be found at: https://www.shopify.com/de/legal/datenschutz.

Advertising Tracking

Use of the Meta Pixel

We use the Meta Pixel of Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; “Meta”).

Meta and we are joint controllers for the collection of your data and the transfer of this data to Meta when integrating the service. The basis is an agreement between us and Meta on joint processing of personal data, which sets out the respective responsibilities. The agreement is available at: https://de-de.facebook.com/legal/terms/businesstools. According to this, we are responsible in particular for fulfilling information obligations under Art. 13, 14 GDPR, for complying with the security requirements of Art. 32 GDPR with regard to correct technical implementation and configuration, and for compliance with obligations under Art. 33, 34 GDPR insofar as a personal data breach concerns our obligations. Meta is responsible for enabling data subject rights under Art. 15–20 GDPR, complying with the security requirements of Art. 32 GDPR regarding service security, and fulfilling obligations under Art. 33, 34 GDPR insofar as a personal data breach concerns Meta’s obligations.

The application serves the purpose of addressing visitors of the website with interest-based advertising on Facebook and Instagram. For this, Meta’s remarketing tag is implemented on the website. When visiting the website, a direct connection to Meta servers is established, thereby transmitting to Meta which of our pages you have visited. Meta assigns this information to your personal Facebook and/or Instagram account. When you visit Facebook or Instagram, personalized, interest-based ads will be displayed to you.

The application also serves the purpose of creating conversion statistics. We learn the total number of users who clicked on one of our ads and were redirected to a page equipped with a conversion tracking tag, and which actions were then taken. However, we do not receive information that personally identifies users.

Your data may be transferred to the USA. For the USA, an adequacy decision by the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified under the TADPF and is therefore obliged to comply with European data protection principles.

Processing of your personal data takes place with your consent on the basis of Art. 6(1)(a) GDPR. You may revoke your consent at any time without affecting the lawfulness of processing carried out on the basis of the consent until revocation.

You can deactivate the remarketing function “Custom Audiences” here. Further information about Meta’s data collection and use and your rights and options to protect your privacy can be found in Meta’s privacy information at: https://www.facebook.com/about/privacy/.

Use of Google Ads Conversion Tracking

We use the online advertising program “Google Ads” and, in this context, conversion tracking (visit action evaluation). Google Conversion Tracking is an analytics service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”).

If you click on an ad placed by Google, a conversion tracking cookie is stored on your computer. These cookies have limited validity, contain no personal data and therefore do not serve personal identification. If you visit certain pages of our website and the cookie has not yet expired, Google and we can recognize that you clicked on the ad and were redirected to this page. Each Google Ads customer receives a different cookie. Therefore, cookies cannot be tracked across the websites of Ads customers.

The information collected using the conversion cookie is used to create conversion statistics. We learn the total number of users who clicked on an ad and were redirected to a page marked with a conversion tracking tag. However, we do not receive information that personally identifies users.

We use the advanced implementation of Consent Mode (Advanced Consent Mode). In this case, even if consent is not given, usage data is transmitted to Google in the form of “pings”. These pings may include, among other things: IP address to derive the IP country (the IP address is not logged), date and time of the page view, URL of the pages visited, user-agent, referrer URL (website from which our website was accessed) or information about triggering website events such as a conversion. Based on this information, Google models user data to enable comprehensive usage analysis even if consent is refused.

Your data may be transferred to servers of Google LLC in the USA. For the USA, an adequacy decision by the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified under the TADPF and is therefore obliged to comply with European data protection principles.

The use of cookies or comparable technologies takes place with your consent on the basis of § 25(1) sentence 1 TDDDG in conjunction with Art. 6(1)(a) GDPR. Processing of your personal data takes place with your consent on the basis of Art. 6(1)(a) GDPR. You may revoke your consent at any time without affecting the lawfulness of processing carried out on the basis of the consent until revocation.

Further information and Google’s privacy policy can be found at: https://www.google.de/policies/privacy/.

Use of Google AdSense

We use the AdSense function of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”). Data processing serves the purpose of renting advertising space on the website and addressing website visitors with interest-based advertising. Through this function, visitors to the provider’s website are shown personalized, interest-based ads from the Google Display Network. Google uses cookies that enable analysis of your use of the website.

The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. For the USA, an adequacy decision by the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified under the TADPF and is therefore obliged to comply with European data protection principles. Google may transfer this information to third parties if required by law or if third parties process this data on behalf of Google. Google will in no case associate your IP address with other data held by Google.

Further information and Google’s privacy policy can be found at:
https://www.google.com/policies/technologies/ads/ and https://www.google.de/policies/privacy/.

Use of TikTok Pixel

We use the TikTok Pixel of TikTok Technology Limited (10 Earlsfort Terrace, Dublin, D02 T380, Ireland; “TikTok Ireland”) and TikTok Information Technologies UK Limited (6th Floor, One London Wall, London, EC2Y 5EB, United Kingdom; “TikTok UK”). Both companies are joint controllers for data processing (hereinafter “TikTok”).

Data processing serves the purpose of identifying and analyzing website access by our customers, improving customer targeting through tailored ads, and evaluating the effectiveness of ads on TikTok. TikTok uses technologies such as cookies and pixels that enable recognition of your browser. The following information may be collected and transmitted to TikTok: date and time of visit, information about the browser and device type you use, screen resolution, IP address. TikTok can assign this information to your personal TikTok account. Usage profiles can be created from the data under pseudonyms. Personal identification of users is not possible.

Your data may be transferred to third countries, such as the USA. For the USA, an adequacy decision by the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). TikTok is not certified under the TADPF. Transfers to the USA and to third countries without an adequacy decision are carried out, among other things, on the basis of standard contractual clauses as suitable safeguards for the protection of personal data, available at:
https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de.

Further information on data protection can be found at:
https://www.tiktok.com/legal/page/eea/privacy-policy/de and
https://ads.tiktok.com/i18n/official/policy/controller-to-controller.

Data Subject Rights and Storage Duration

Storage Duration

After complete contract processing, data will initially be stored for the duration of the warranty period, then in compliance with statutory retention periods, in particular tax and commercial retention obligations, and then deleted after expiry of these periods, unless you have consented to further processing and use.

Rights of the Data Subject

If the statutory requirements are met, you have the following rights under Art. 15 to 20 GDPR: right of access, rectification, erasure, restriction of processing, data portability.

In addition, you have the right under Art. 21(1) GDPR to object to processing based on Art. 6(1)(f) GDPR, as well as to processing for the purpose of direct advertising.

Right to Lodge a Complaint with a Supervisory Authority

Under Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that processing of your personal data is unlawful.

You may lodge a complaint, among others, with the supervisory authority responsible for us, which you can contact at:

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Königstrasse 10 a
70173 Stuttgart
Phone: +49 711 6155410
Fax: +49 711 61554115
Email: poststelle@lfdi.bwl.de

Right to Object

If the processing of personal data listed here is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR, you have the right to object to this processing at any time for reasons arising from your particular situation, with effect for the future.

After an objection, the processing of the data concerned will be stopped unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or where processing serves the establishment, exercise or defense of legal claims.

If personal data is processed for direct advertising purposes, you can object to this processing at any time by notifying us. After an objection, we will stop processing the data concerned for direct advertising purposes.

Last updated: 22.10.2026