Privacy Policy

**1) INFORMATION ON THE COLLECTION OF PERSONAL DATA AND CONTACT DETAILS OF THE CONTROLLER**

**1.1** Thank you for visiting our website and for your interest. Below, we will inform you about the processing of your personal data when using our website. Personal data includes all data that allows us to personally identify you.

**1.2** The data controller of this website under the Data Protection Regulation (GDPR) is DYA LIMITED. The data controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.

**1.3** For security reasons and to protect the transmission of personal data and other confidential content (such as orders or inquiries to the data controller), SSL or TLS encryption is used. You can recognize an encrypted connection by the "https://" string and the lock symbol in the browser bar.

**2) DATA COLLECTION DURING YOUR VISIT TO OUR WEBSITE**

If you use our website for informational purposes only, that is, if you do not register or otherwise provide us with information, we only collect the data that your browser sends to our server (the so-called "server log files"). When you visit our website, we collect the following data, which are technically necessary to display the website to you:

- Our website visited
- Date and time at the moment of access
- Amount of data sent in bytes
- Source/reference from which you reached the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be transferred or otherwise used. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.

**3) COOKIES**

To make the visit to our website more attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your end device and allow us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). When cookies are set, they collect and process certain user information, such as browser and location data as well as IP address values, to an individual extent. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.

In some cases, cookies are used to simplify the ordering process by saving settings (e.g., remembering the contents of a virtual shopping cart for a later visit to the website). If personal data is also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR for the execution of the contract or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the visit to the site.

We may work with advertising partners who help us make our website more interesting for you. For this purpose, cookies from partner companies are stored on your hard drive when you visit our website (third-party cookies). If we cooperate with the aforementioned advertising partners, you will be informed individually and separately about the use of such cookies and the scope of the information collected in each case within the following paragraphs.

Please note that you can set your browser to inform you about the setting of cookies and to decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find this for each browser at the following links:

- Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
- Firefox: https://support.mozilla.org/en/kb/cookies-erlauben-und-ablehnen
- Chrome: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en
- Safari: https://support.apple.com/kb/ph21411?locale=en_US
- Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Please note that the functionality of our website may be limited if you do not accept cookies.

**4) CONTACTING US**

When you contact us (e.g., via a contact form or email), your personal data will be collected. The specific data collected in the case of a contact form can be seen on the respective contact form. This data is used exclusively to respond to your inquiry or to contact you and for the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 Para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR. Your data will be deleted after the final processing of your request if it can be inferred from the circumstances that the matter in question has been fully clarified, and provided that there are no statutory retention obligations.

**5) DATA PROCESSING FOR THE OPENING OF A CUSTOMER ACCOUNT AND FOR CONTRACT PROCESSING**

In accordance with Art. 6 Para. 1 lit. b GDPR, personal data will be collected and processed if you provide it to us for the execution of a contract or the opening of a customer account. The data collected can be seen on the respective entry forms. You can delete your customer account at any time by sending a message to the address of the controller mentioned above. The data you provide will be stored and used for contract processing. Upon completion of the contract processing or deletion of your customer account, your data will be stored in accordance with tax and commercial law retention periods and deleted after these periods expire unless you have expressly consented to further use of your data or we have reserved the right to use your data for other purposes that are permitted by law and of which we inform you below.

**6) USE OF YOUR DATA FOR DIRECT ADVERTISING**

**6.1 Subscription to our email newsletter**

If you subscribe to our newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. The provision of any additional data is voluntary and will be used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure. This means that we will only send you a newsletter via email if you have explicitly confirmed that you agree to the sending of newsletters. We will then send you a confirmation email asking you to confirm that you wish to receive future newsletters by clicking on the appropriate link.

By activating the confirmation link, you consent to the use of your personal data in accordance with Art. 6 Para. 1 lit. a GDPR. When you subscribe to the newsletter, we store the IP address entered by your internet service provider (ISP) as well as the date and time of registration, to prevent any possible misuse of your email address at a later date. The data collected when subscribing to the newsletter is used exclusively for advertising purposes in the newsletter.

You can unsubscribe from the newsletter at any time by clicking on the link provided in the newsletter or by sending a corresponding message to the person responsible, as mentioned above. After unsubscribing, your email address will be immediately removed from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use your data in a manner permitted by law and of which we inform you in this declaration.

**6.2 Sending email newsletters to existing customers**

If you have provided us with your email address when purchasing goods or services, we reserve the right to send you regular offers for similar goods or services from our range via email. For this, we do not need to obtain separate consent from you. The data processing is carried out solely based on our legitimate interest in personalized direct advertising in accordance with Art. 6 Para. 1 lit. f GDPR. If you initially objected to the use of your email address for this purpose, we will not send you emails. You have the right to object to the use of your email address for the aforementioned advertising purposes at any time, with effect for the future, by notifying the person responsible as mentioned above. In this case, you will only incur transmission costs according to the basic rates. Upon receipt of your objection, the use of your email address for advertising purposes will immediately cease.

**7) DATA PROCESSING FOR ORDER PROCESSING**

**7.1 The personal data we collect will be transmitted to the transport company entrusted with the delivery, to the extent necessary for the delivery of the goods. Payment data is transmitted to the credit institution responsible for processing the payment, to the extent necessary for processing the payment. If payment service providers are used, we will explicitly inform you of this below. The legal basis for the data transfer is Art. 6 Para. 1 lit. b GDPR.**

**7.2 Use of payment service providers (payment service providers)**

- **PayPal**  
If you choose to pay via PayPal, credit card via PayPal, direct debit via PayPal, or — if offered — "purchase on account" or "installment payment" via PayPal, we will transmit your data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") for the purpose of processing the payment. The data transfer is made in accordance with Art. 6 Para. 1 lit. b GDPR and only to the extent necessary for payment processing.

PayPal reserves the right to carry out a credit check for the payment methods of credit card via PayPal, direct debit via PayPal, or — if offered — "purchase on account" or "installment payment" via PayPal. For this purpose, the payment data will be processed based on the legitimate interest of PayPal in determining your solvency according to Art. 6 Para. 1 lit. f GDPR. The result of the credit check in terms of the statistical probability of non-payment may include probability values (so-called score values). Insofar as score values are included in the result of the credit check, these are based on a scientifically recognized mathematical-statistical procedure. The calculation of score values includes, among other things, address data. For further information on data protection law, including the credit agencies used, please refer to PayPal’s privacy policy: [https://www.paypal.com/de/webapps/mpp/ua/privacy-full](https://www.paypal.com/de/webapps/mpp/ua/privacy-full)

You can object to the processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.

**8) CONTACT FOR RATING REMINDER**

Rating Reminder (not sent by a customer rating system)

We will use your email address to send you a one-time reminder to submit a rating of your order to the rating system we use, provided that you have given us your explicit consent to do so during or after your order, in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time by sending a message to the data controller.

**9) USE OF SOCIAL MEDIA: SOCIAL PLUGINS**

**9.1 Facebook plugin as a Shariff solution**

Our website uses so-called social plugins ("plugins") from the social network Facebook, which is operated by Facebook Inc. To better protect your data when you visit our website, these buttons are not fully integrated into the site as plugins but are only integrated using an HTML link. This type of integration ensures that no connection to Facebook’s servers is established when a page of our website containing such buttons is accessed. When you click on the button, a new browser window opens and calls up the Facebook page where you can interact with the plugins there (if necessary, after entering your login data).

Facebook Inc., based in the USA, is certified under the "US-European Privacy Shield", which ensures compliance with the level of data protection applicable in the EU.

The purpose and scope of data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, can be found in Facebook’s privacy policy: [https://www.facebook.com/policy.php](https://www.facebook.com/policy.php)

**9.2 Google+ plugin as a Shariff solution**

Our website uses so-called social plugins ("plugins") from the social network Google+, which is operated by Google LLC. To better protect your data when you visit our website, these buttons are not fully integrated into the site as plugins but are only integrated using an HTML link. This type of integration ensures that no connection to Google+ servers is established when a page of our website containing such buttons is accessed. When you click on the button, a new browser window opens and calls up the Google+ page where you can interact with the plugins there (if necessary, after entering your login data).

Google LLC, based in the USA, is certified under the US-European data protection agreement "Privacy Shield", which ensures compliance with the data protection level applicable in the EU.

The purpose and scope of data collection and the further processing and use of the data by Google, as well as your rights in this regard and setting options for protecting your privacy, can be found in Google’s privacy policy: [https://www.google.com/intl/de/policies/privacy/](https://www.google.com/intl/de/policies/privacy/)

**9.3 Instagram plugin as a Shariff solution**

Our website uses so-called social plugins ("plugins") from the online service Instagram, which is operated by Instagram LLC. To better protect your data when you visit our website, these buttons are not fully integrated into the site as plugins but are only integrated using an HTML link. This type of integration ensures that no connection to Instagram’s servers is established when a page of our website containing such buttons is accessed. When you click on the button, a new browser window opens and calls up the Instagram page where you can interact with the plugins there (if necessary, after entering your login data).

Instagram LLC, based in the USA, is certified under the "Privacy Shield", which ensures compliance with the data protection level applicable in the EU.

The purpose and scope of data collection and the further processing and use of the data by Instagram, as well as your rights in this regard and setting options for protecting your privacy, can be found in Instagram’s privacy policy: [https://help.instagram.com/155833707900388/](https://help.instagram.com/155833707900388/)

**10) ONLINE MARKETING**

**10.1 DoubleClick by Google**

This website uses the online marketing tool DoubleClick by Google, operated by Google LLC.

DoubleClick uses cookies to display relevant ads to users, improve campaign performance reports, or prevent a user from seeing the same ad multiple times. Google uses a cookie ID to record which ads are displayed in which browser and thus prevent them from being displayed more than once. The processing is based on our legitimate interest in the optimal marketing of our website in accordance with Art. 6 Para. 1 lit. f DSGVO.

Additionally, DoubleClick may use cookie IDs to record conversions related to ad requests. This happens, for example, when a user sees a DoubleClick ad and later visits the advertiser's website using the same browser and makes a purchase there. According to Google, DoubleClick cookies do not contain personal information.

With the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool, and therefore inform you based on our knowledge: through the integration of DoubleClick, Google receives the information that you have visited the relevant part of our website or clicked on one of our advertisements. If you are registered with a Google service, Google may associate the visit with your account. Even if you are not registered with Google or have not logged in, it is still possible that the provider will obtain and store your IP address.

If you wish to object to participation in this tracking procedure, you can deactivate the conversion tracking cookies by setting your browser to block cookies from the domain www.googleadservices.com, at https://www.google.de/settings/ads, with this setting being deleted when you delete your cookies. You can also contact the Digital Advertising Alliance at www.aboutads.info to learn about the setting of cookies and to adjust your settings accordingly. Finally, you can configure your browser so that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. If you do not accept cookies, the functionality of our website may be limited.

Google LLC, based in the USA, is certified under the US-European data protection agreement "Privacy Shield," which guarantees compliance with the data protection level applicable in the EU.

You can obtain further information about the privacy policy of DoubleClick by Google at the following Internet address: https://www.google.de/policies/privacy/

**10.2 Use of Google AdWords Conversion Tracking**

This website uses the online advertising program "Google AdWords" and, within the framework of Google AdWords, the conversion tracking of Google LLC. We use the offers of Google AdWords to draw attention to our attractive offers on external websites by means of advertising material (so-called Google AdWords). We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. In doing so, we pursue the interest of showing you advertising that is of interest to you, making our website more interesting to you, and achieving a fair calculation of advertising costs.

The conversion tracking cookie is set when a user clicks on a Google AdWords ad. Cookies are small text files that are stored on your computer system. These cookies usually expire after 30 days and are not intended to personally identify you. If you visit certain pages on this website and the cookie has not expired, Google and we can recognize that you clicked on the ad and were redirected to this page. Each Google AdWords customer receives a different cookie. Cookies cannot therefore be tracked through the websites of AdWords customers. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive information that personally identifies users.

If you do not want to participate in the tracking process, you can block this use by deactivating the Google Conversion Tracking cookie via your internet browser under user settings. In doing so, you will not be included in the conversion tracking statistics. We use Google AdWords based on our legitimate interest in targeted advertising in accordance with Art. 6 Para. 1 lit. f DSGVO.

Google LLC, based in the USA, is certified under the US-European data protection agreement "Privacy Shield," which ensures compliance with the data protection level in the EU.

Further information on Google's privacy policy can be found at the following Internet address: https://www.google.de/policies/privacy/

You can permanently disable cookies for ad preferences by setting your browser software accordingly or by downloading and installing the browser plug-in available at the following link: https://www.google.com/settings/ads/plugin?hl=de

Please note that certain functions of this website may not be available or may be limited if you have disabled the use of cookies.

**11) WEB ANALYSIS SERVICES**

**Google (Universal) Analytics**

This website uses Google Analytics, a web analytics service provided by Google LLC. Google Analytics uses "cookies" (text files placed on the user's computer) to facilitate the website and allow the analysis of your use of the website. The information generated by the cookie about your use of the website (including your IP address) is generally transmitted to a Google server in the United States and stored there.

This website uses Google Analytics exclusively with the extension "anonymizelp()", which ensures IP address anonymization by shortening it and excludes direct reference to a person. The extension ensures that your IP is processed by Google within the member states of the European Union or in other countries that have been declared "not anonymized" under the European Economic Area Agreement. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. In these exceptional cases, this processing is carried out based on our legitimate interest in statistical analysis of user behavior for optimization and marketing purposes, in accordance with Art. 6 Para. 1 lit. f DSGVO.

Google will use this information on our behalf to evaluate the use of the website by users, to compile reports on website activity, and to provide other services related to website activity and internet usage. The IP address provided by your browser as part of Google Analytics will not be merged with other data.

You can refuse the use of cookies by selecting the appropriate settings in your browser. However, please note that in this case, you may not be able to use all the features of Google Analytics. You can also refuse the use of cookies by selecting the appropriate settings in your browser; however, we remind you that you may not be able to use all features of this website.

To prevent Google from collecting and processing data about your use of the website (including your IP address), you can download and install the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en

Alternatively, for mobile devices, click on the following link to set an opt-out cookie that prevents Google Analytics from collecting data on this website in the future (this opt-out cookie only works in this browser and for this domain; if you delete the cookies in this browser, you will need to click this link again): Google Analytics Opt-Out

Google LLC, based in the USA, is certified under the US-European data protection agreement "Privacy Shield," which guarantees compliance with the data protection level applicable in the EU.

This website also uses Google Analytics for analyzing visitor flows across different devices. This is done using a user ID. When a page is first opened, the user is assigned a unique, permanent, and anonymous ID that can be set across all devices. This allows data from interactions across different devices and sessions to be assigned to a single user. The user ID does not contain personal data and does not send any personal data to Google.

Users can object to the collection and storage of data via the user ID at any time in the future. To do so, Google Analytics needs to be disabled on all systems you use, for example, in another browser or on your mobile device.

The deactivation can be done using a Google browser plug-in (https://tools.google.com/dlpage/gaoptout?hl=en). Alternatively, for mobile devices or within browsers, click on the following link to set an opt-out cookie to prevent future data collection by Google Analytics on this website. (This opt-out cookie only works in this browser and for this domain; if you delete the cookies in this browser, you need to click this link again): Google Analytics Opt-Out

Further information on Universal Analytics can be found here: https://support.google.com/analytics/answer/2838718?hl=en&ref_topic=6010376

**12) RETARGETING/REMARKETING/REFERRAL ADVERTISING**

**Facebook Custom Audience through the Pixel Process**

This website uses the "Facebook Pixel" from Facebook Inc. With explicit consent, this allows tracking of user behavior after they have viewed or clicked on a Facebook ad. This process is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help optimize future advertising measures.

The data collected is anonymous to us and therefore does not allow us to know the identity of users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible, and Facebook uses the data for its own advertising purposes, in accordance with Facebook’s data usage policy (https://www.facebook.com/about/privacyl).

Users can allow Facebook and its partners to display ads on Facebook and outside of Facebook. For this purpose, a cookie may be stored on your computer. These processing operations are carried out only with your explicit consent according to Art. 6 Para. 1 lit. a DSGVO. Consent to use the Facebook Pixel can only be given by users over the age of 13. If you are younger, we ask that you seek permission from your parent or guardian.

Facebook Inc., based in the USA, is certified under the "Privacy Shield" (US-European Privacy Shield), which guarantees compliance with the data protection level in the EU.

To disable the use of cookies on your computer, you can set your internet browser to prevent cookies from being installed on your computer in the future or to delete cookies already stored. However, disabling all cookies may mean that some features of our website may no longer be performed. You can prevent the use of cookies by third parties, such as Facebook, on the Digital Advertising Alliance website: https://www.aboutads.info/choices/

**Google AdWords Remarketing**

Our website uses Google AdWords Remarketing functions. This service is provided by Google LLC. For this purpose, Google places a cookie in the browser of your device that automatically identifies your interests based on a pseudonymous cookie ID and the pages you visit.

The processing is based on our legitimate interest in optimal marketing of our website in accordance with Art. 6 Para. 1 lit. f DSGVO. Further data processing occurs only if you have given consent to Google to link your browsing history on the internet and in apps to your Google account. Google uses your information from your Google account to personalize the ads you see on the internet. If you visit our website, Google will use your data together with Google Analytics to create and define target lists for cross-device remarketing.

For this purpose, Google temporarily combines your personal data with Google Analytics data to define target groups. You can permanently disable cookies for ad preferences by downloading and installing the browser plug-in available at the following link: https://www.google.com/settings/ads/onweb/

You can also contact the Digital Advertising Alliance at www.aboutads.info for information on cookie settings and to make the necessary settings. Finally, you can configure your browser to inform you about cookie settings and decide individually whether to accept cookies or exclude their acceptance in general. If you do not accept cookies, the functionality of our website may be limited.

Google LLC, based in the USA, is certified under the "Privacy Shield" (US-European Privacy Shield), which guarantees compliance with the data protection level applicable in the EU.

Further information and data protection regulations related to advertising and Google can be found here: https://www.google.com/policies/technologies/ads/

13) RIGHTS OF THE DATA SUBJECT

13.1 Applicable data protection legislation grants you the following rights in relation to the processing of your personal data by the data controller:

- **Right to Information** (Article 15 GDPR): You have the right to be informed about the personal data we process, including the purposes of processing, categories of personal data processed, recipients or categories of recipients to whom your data has been or will be disclosed, the planned duration of data storage or criteria used to determine the storage period, the existence of the right to rectification, erasure, restriction of processing, objection to processing, lodging a complaint with a supervisory authority, the origin of your data if not collected from you directly, the existence of automated decision-making, including profiling, and where applicable, meaningful information about the logic involved and the consequences of such processing for you, as well as information about the safeguards under Article 46 GDPR when your data is transferred to third countries.

- **Right to Rectification** (Article 16 GDPR): You have the right to obtain the rectification of inaccurate data and/or the completion of incomplete data stored by us.

- **Right to Erasure** (Article 17 GDPR): You have the right to request the deletion of your personal data if the conditions under Article 17(1) GDPR are met. However, this right does not apply if the processing is necessary for the exercise of the right to freedom of expression and information, compliance with a legal obligation, reasons of public interest, or the establishment, exercise, or defense of legal claims.

- **Right to Restriction of Processing** (Article 18 GDPR): You have the right to request the restriction of processing of your personal data while its accuracy is verified, if you request deletion of your data, or if you oppose the deletion of your data due to unlawful processing, and request the restriction of processing instead, if you need the data for the establishment, exercise, or defense of legal claims, after we no longer need the data once the purpose has been achieved, or if you have objected based on your particular situation, as long as it has not been determined whether our legitimate grounds override your rights and freedoms.

- **Right to Notification** (Article 19 GDPR): You have the right to be informed about the rectification, erasure, or restriction of processing of your personal data by the data controller. The data controller must inform all recipients to whom your personal data has been disclosed about such rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.

- **Right to Data Portability** (Article 20 GDPR): You have the right to receive the personal data you provided to us in a structured, commonly used, and machine-readable format, or to request the transfer of your personal data to another data controller, as long as this is technically feasible.

- **Right to Withdraw Consent** (Article 7(3) GDPR): You have the right to withdraw consent for data processing at any time with future effect. Upon withdrawal, we will promptly erase the data unless further processing is based on a legal basis for processing without consent. Withdrawal of consent does not affect the lawfulness of processing carried out based on consent before its withdrawal.

- **Right to Lodge a Complaint** (Article 77 GDPR): If you believe that your personal data is being processed in violation of the GDPR, you have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy. This complaint can be lodged with a supervisory authority in the Member State of your residence, place of work, or where the alleged infringement occurred.

13.2 **Right to Object**

If we process your personal data based on a legitimate interest, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data. If you exercise your right to object, we will cease processing the data in question. Further processing may only continue if we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms; or if the processing is necessary for the establishment, exercise, or defense of legal claims. 

If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes. You may object as described above. If you exercise your right to object, we will stop processing your data for direct marketing purposes.

### 14) DATA RETENTION PERIOD

The duration of data retention is determined based on the respective legal retention periods (e.g., commercial and tax retention periods). Upon expiry of the retention period, the data is routinely erased if it is no longer necessary for the performance of the contract and/or if we do not have a legitimate interest in retaining the data.