Hello Jack GmbH

Privacy policy

Privacy policy

We are pleased that you are interested in our offer and thank you for your trust. Trust is important to us and therefore the protection of your privacy when using our website is also important to us. We always treat your data with the utmost confidentiality and naturally observe all relevant legal regulations.


Privacy policy

In this data protection declaration we inform you about the processing of personal data when using our website.

Personal data is information that relates to an identified or identifiable person. This includes, above all, information that allows conclusions to be drawn about your identity, for example your name, your telephone number, your address or e-mail address. Statistical data which we collect, for example, when you visit our website and which cannot be linked to your person do not fall under the term personal data.

You can print or save this privacy policy by using the usual functionality of your browser.



Contact person

The contact person and so-called controller for the processing of your personal data when visiting this website within the meaning of the EU General Data Protection Regulation (GDPR) is Hello Jack GmbH, Mühlenstrasse 23 B 13187 Berlin email: hi@hellojack.eu.

For all questions on the subject of data protection in connection with the use of our website, you can also contact our data protection officer at any time. He or she can be reached at the above postal address and at the e-mail address given above (keyword: "attn. data protection officer"). 



Data processing on our website

2.1 Calling up our website / access data

Each time you use our website, we collect the access data that your browser automatically transmits to enable you to visit the website. The access data include in particular:

IP address of the requesting device;
Date and time of the request;
Address of the website accessed and the requesting website;
Information about the browser used and the operating system;
Online identifiers (e.g. device identifiers, session IDs).

The data processing of this access data is necessary to enable the visit of the website and to ensure the permanent functionality and security of our systems. The access data is also temporarily stored in internal log files for the purposes described above, in order to compile statistical information about the use of our website, to further develop our website with regard to the usage habits of our visitors (e.g. if the proportion of mobile devices used to access the pages increases) and to generally maintain our website administratively. The legal basis is Art. 6 para. 1 p. 1 lit. b DSGVO.

The information stored in the log files does not allow any direct conclusions to be drawn about your person; in particular, we only store the IP addresses in shortened, anonymised form. The log files are stored for 30 days and archived after subsequent anonymisation.

2.2 Contacting us

You have various options for contacting us. In this context, we process the data you provide when contacting us exclusively for the purpose of communicating with you. The legal basis is Art. 6 para. 1 lit. b DSGVO. The data we collect will be automatically deleted after we have fully processed your request, unless we still need your request to fulfil contractual or legal obligations (see section "Storage period"). 

2.3 Registration

You have the option of registering for our login area in order to be able to use the full range of functions of our website (e.g. to place orders in our online shop, except for guest orders). We have highlighted the data you are required to enter by marking them as mandatory fields. Registration is not possible without this data. The legal basis for the processing is Art. 6 Para. 1 lit. b DSGVO.

2.4 Orders

In the case of an order process, we collect mandatory data necessary for the processing of the contract:

First and last name;
Date of birth (only for some payment methods);
E-mail address;
password;
Billing and shipping address;
Payment information, payment data.

Optionally, information such as telephone and fax numbers are possible so that we can also contact you via these channels in the event of queries. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. b DSGVO.


2.5 Payment options, payment service providers

For orders in our online shop, we offer the payment methods commonly used in the online sector (e.g. PayPal, invoice, instant transfer, direct debit and credit card). We work with various payment service providers from whom we receive your payment data or to whom we transmit your payment data. Without these payment data and payment service providers, the payment and contract processing is not possible. The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. b DSGVO.

Our payment service providers are in particular

for payment by Paypal: PayPal (Europe) S.à r.l. et Cie, S.C.A, 22-24 Boulevard Royal, L-2449 Luxembourg (https://www.paypal.com);
for payment by invoice, instant transfer, direct debit and credit card: Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (https://www.klarna.com/de/).


In order to be able to offer you Klarna's payment options, we will transmit personal data, such as contact details and order data, to Klarna. This enables Klarna to assess whether you are eligible for the payment options offered via Klarna and to adapt the payment options to your needs. You can find general information about Klarna here. Your personal data will be treated by Klarna in accordance with the applicable data protection regulations and as specified in Klarna's privacy policy. 

For payment by debit card: Shopify Payments (USA) Inc, 150 Elgin St 8th Fl, Ottawa, ON, K2P 1L4 (https://www.shopify.de/payments).


In order to provide you with Shopify Payments (USA) Inc. payment options, we will transfer personal information, such as contact information and order information, to Shopify Payments (USA) Inc. This enables Shopify Payments (USA) Inc. to assess whether you are eligible for the payment options offered through Shopify Payments (USA) Inc. and to tailor the payment options to your needs. For general information about Shopify Payments, click here. Your personal information will be handled by Shopify Payments in accordance with applicable privacy laws and as disclosed in Shopify Payment (USA) Inc. privacy policy.

2.6 Newsletters and Promotional Mailings

You have the option of subscribing to our newsletters, in which we will regularly inform you about innovations to our products and promotions.

To order our newsletters, we use the so-called double opt-in procedure, i.e. we will only send you newsletters by e-mail if you confirm in our notification e-mail by clicking on a link that you are the owner of the e-mail address provided. If you confirm your e-mail address, we will store your e-mail address, the time of registration and the IP address used for registration until you unsubscribe from the newsletter. The storage serves the sole purpose of sending you the newsletter and being able to prove your registration.

In addition, we send you promotional mailings in which we ask you, for example, for your feedback on your order or inform you about the products you have purchased or products that are related to your purchase. The legal basis for this data processing is Art. 6 para. 1 lit. f DSGVO.

For the dispatch of our newsletters and promotional mailings, we work together with service providers to whom we transmit, among other things, your e-mail address and your newsletter registration in order to be able to send you the newsletters and promotional mailings. The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. b, f DSGVO.

We will only pass on your data to third parties within the framework of the legal provisions or with the corresponding consent. Otherwise, we will not disclose your data to third parties unless we are obliged to do so by mandatory legal provisions (disclosure to external bodies such as supervisory authorities or law enforcement agencies). 

The necessary data protection contracts have been concluded with all service providers.

You can unsubscribe from the newsletter and promotional mailings at any time or object to receiving them. A corresponding unsubscribe link can be found in every newsletter and advertising mailing. A message to the contact details provided above or in the newsletter (e.g. by e-mail or letter) is of course also sufficient for this purpose. The legal basis for the processing is your consent pursuant to Art. 6 para. 1 lit. a DSGVO.

For the dispatch of our newsletters and promotional mailings, we work together with service providers to whom we transmit, among other things, your email address and your newsletter registration in order to be able to send you the newsletters and promotional mailings. The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. b, f DSGVO.

We will only pass on your data to third parties within the framework of the legal provisions or with the corresponding consent. Otherwise, we will not disclose your data to third parties unless we are obliged to do so by mandatory legal provisions (disclosure to external bodies such as supervisory authorities or law enforcement agencies). 

The necessary data protection contracts have been concluded with all service providers.

You can unsubscribe from the newsletter and promotional mailings at any time or object to receiving them. A corresponding unsubscribe link can be found in every newsletter and advertising mailing. A message to the contact details provided above or in the newsletter (e.g. by e-mail or letter) is of course also sufficient for this purpose. The legal basis for the processing is your consent pursuant to Art. 6 para. 1 lit. a DSGVO.

In our newsletters and promotional mailings, we use standard market technologies with which the interactions with the newsletters can be measured (e.g. opening of the e-mail, links clicked on). We use this data in pseudonymous form for general statistical evaluations and to optimise and further develop our content and customer communication. This is done with the help of small graphics embedded in the newsletter (so-called pixels). The data is collected exclusively in pseudonymised form and is not linked to your other personal data. The legal basis for this is our aforementioned legitimate interest in accordance with Art. 6 para. 1 p. 1 lit. f DSGVO. We want to share content that is as relevant as possible for our customers via our newsletter and better understand what readers are actually interested in. If you do not want the analysis of usage behaviour, you can unsubscribe from the newsletters or deactivate graphics in your email programme by default. The data on interaction with our newsletters is stored pseudonymously for 30 days and then completely anonymised.

Customer satisfaction survey

As a Hello Jack customer, you will regularly receive customer satisfaction surveys directly after placing an order in our shop and by e-mail. You will receive these customer satisfaction surveys by e-mail regardless of whether you have subscribed to a newsletter (legal basis Art. 6 para. 1 p. 1 lit. f DS-GVO). The data is collected pseudonymously by our service provider zenloop GmbH - Brunnenstraße 196, 10119 Berlin and used exclusively for market and opinion research purposes for Hello Jack.



Advertising by e-mail according to § 7 para. 3 UWG
Within the scope of the legal permission according to § 7 para. 3 UWG, Hello Jack GmbH is entitled to use the e-mail address, which was given when purchasing a paid service, for direct advertising for its own similar products or services. If you no longer wish to receive advertising for similar products or services, you can object to the corresponding use of your email address at any time without incurring any costs other than the transmission costs according to the basic rates. To do so, you can unsubscribe from the product recommendation mailings by clicking on the unsubscribe link contained in each mailing or by sending an e-mail to hi@hellojack.eu.

2.7 Surveys and competitions

If you participate in one of our surveys, we use your data for market and opinion research. We evaluate the data anonymously for internal purposes. If, exceptionally, surveys are not evaluated anonymously, the data will only be collected with your consent. In the case of anonymous surveys, the DSGVO is not applicable and in the case of exceptionally personal evaluations, the legal basis is the aforementioned consent according to Art. 6 para. 1 p. 1 lit. a DSGVO.

In the context of competitions, we use your data for the purpose of conducting the competition and notifying you of the prize. Detailed information can be found in the conditions of participation for the respective competition. The legal basis for the processing is the competition contract pursuant to Art. 6 para. 1 p. 1 lit. b DSGVO.

2.8 Applications

You can apply for open positions with us at any time. The purpose of the data collection is the selection of applicants for the possible establishment of an employment relationship. For the purpose of receiving and processing your application, we collect the following data in particular: First name and surname, e-mail address, application documents (e.g. references, CV), date of earliest possible start of employment and salary requirement Legal basis for the processing of your application data is the following  is Art. 6 para. 1 sentence 1 lit. b and Art. 88 para. 1 DSGVO in conjunction with § 26 para. 1 sentence 1 BDSG.

2.9 Use of our own cookies

For some of our services, it is necessary for us to use so-called cookies. A cookie is a small text file that is stored on your device by the browser. Cookies are not used to run programs or download viruses onto your computer. The main purpose of our own cookies is rather to provide an offer tailored specifically to you and to make the use of our services as time-saving as possible.

Most browsers are set to accept cookies by default. However, you can adjust your browser settings so that cookies are rejected or only stored with your prior consent. If you reject cookies, not all of our offers can function without problems for you.

We use our own cookies in particular

for login authentication,
for load balancing,
for the wish list function,
to store your shopping basket across sessions.
to note that information placed on our website has been displayed to you - so that it is not displayed again the next time you visit the website.

Our aim is to provide you with a more convenient and personalised experience on our website. These services are based on our aforementioned legitimate interests; the legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO.

In addition, we also use cookies and comparable technologies (e.g. web beacons) from partners for analysis and marketing purposes. This is described in more detail in the following sections.

Consent to the use of the above-mentioned cookies from partners for analysis and marketing purposes can be revoked or changed at any time by activating the cookie settings. The cookie settings can be found at any time in the footer or at the bottom of our shop. 

2.10. Use of cookies and similar technologies for analysis purposes

In order to improve our website, we use cookies and comparable technologies (e.g. web beacons) for the statistical collection and analysis of general user behaviour based on access data. We also use analytics services to evaluate the use of our various marketing channels.

The legal basis for the data processing described in the following section is Art. 6 (1) sentence 1 lit. f DSGVO, based on our legitimate interest in the needs-based design and continuous optimisation of our website.

In the following list of the technologies we use, you will also find information on how to object to our analysis measures by means of a so-called opt-out cookie. Please note that after deleting all cookies in your browser or the subsequent use of another browser and/or profile, an opt-out cookie must be set again. 

2.10.1 Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses cookies and similar technologies to analyse and improve our website based on your user behaviour. The data generated in this context may be transferred by Google to a server in the USA for analysis and stored there. In the event that personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield. However, your IP address will be shortened before the usage statistics are analysed so that no conclusions can be drawn about your identity. For this purpose, Google Analytics on our website has been extended by the code "anonymizeIP" to ensure anonymised collection of IP addresses.

Google will process the information obtained through the cookies in order to evaluate your use of the website, to compile reports on website activities for the website operators and to provide other services associated with website and internet use.

You can configure your browser to refuse cookies or you can prevent the collection of data generated by cookies and related to your use of this website (including your IP address) and the processing of this data by Google by downloading and installing the browser add-on provided by Google. As an alternative to the browser add-on or if you access our website from a mobile device, please use this opt-out link . This will prevent Google Analytics from collecting data within this website in the future (the opt-out only works in this browser and only for this domain). If you delete your cookies in this browser, you must click this link again.

You can find more information on this in Google's privacy policy.

2.10.2 Hotjar

Our website uses Hotjar, a web analytics service provided by Hotjar Ltd, 3 Elia Zammit Street, St Julians STJ 1000, Malta ("Hotjar"). Hotjar is used to create so-called heat maps. Heat maps graphically display statistics about mouse movements and clicks on our site. This allows us to identify frequently used functions of our website and to further improve the site. Hotjar uses cookies and similar technologies to analyse our website with regard to your user behaviour. However, your IP address is shortened before the usage statistics are analysed so that no conclusions can be drawn about your identity. In addition to mouse movements and clicks, information on the operating system, browser, incoming and outgoing references (links), geographical origin as well as resolution and type of device are evaluated for statistical purposes. This information is pseudonymous and will not be passed on to third parties by us or by Hotjar. Data entered by you in form fields on our website are hidden and not collected by Hotjar.

The collection of data by Hotjar can be deactivated on all websites operated by us or other providers that use Hotjar by means of your objection (so-called opt-out). You can find more detailed explanations and a function for declaring your objection on the Hotjar objection page. In addition, Hotjar supports the so-called Do-Not-Track function of your browser. If you activate this in your browser, Hotjar will not collect any data. You can find instructions for the various browsers on the Hotjar website.

You can also find more information on this in Hotjar's privacy policy.

2.10.3 Matomo

Our website uses Matomo (formerly known as Piwik), an open source analytics platform provided by InnoCraft Ltd, 150 Willis St, 6011, Wellington, New Zealand ("Matomo"). Matomo uses a cookie to analyse our website with regard to your user behaviour. The cookie, which is placed on your computer when you visit our website, also stores and transmits your anonymised IP address. This means that when the data is transmitted to our server, the IP address is shortened so that we can no longer identify you - as a visitor to our website. The usage data transmitted to us by the cookie is only evaluated by us and is not passed on to third parties. The evaluation serves exclusively to optimise and further develop our website.

As shown above, you can configure your browser to automatically reject cookies.

You can find more information on this in the Matomo data protection information.

2.10.4 New Relic

Our website uses New Relic, a performance analysis service provided by New Relic Inc, 101 Second Street, 15th Floor, San Francisco, CA 94105, USA ("New Relic"). New Relic uses cookies and similar technologies to measure and monitor the technical performance of our website, i.e. to determine, for example, whether the respective web page can be called up and how quickly it is displayed when called up. For this purpose, New Relic collects data about the relevant website, such as system data on add-ons used, usage times, browsers used, hardware and software used (so-called "application data"). Neither the data collection nor the evaluation is user or usage-related at New Relic.

The data accruing in this context may be transferred by New Relic to a server in the USA for evaluation and stored there. In the event that personal data is transferred to the USA, New Relic has submitted to the EU-US Privacy Shield.

You can configure your browser to reject cookies or you can prevent the collection of data generated by cookies and related to your use of this website (including your IP address) as well as the processing of this data by New Relic by using this opt-out link. This will prevent collection by New Relic within this website in the future (the opt-out only works in the browser and only for this domain). If you delete your cookies in this browser, you will need to click this link again.

For more information, please refer to New Relic's privacy policy.

2.11. Use of cookies and comparable technologies for online advertising purposes

We also use cookies and comparable technologies for advertising purposes. Some of the access data generated when using our website is used for interest-based advertising. By analysing and evaluating this access data, we are able to display personalised advertising to you on our website and on the websites of other providers. This means advertising that corresponds to your actual interests and needs.

The legal basis for the data processing described in the following section is Art. 6 para. 1 sentence 1 lit. f DSGVO based on our legitimate interest in advertising our products and services in a personalised form.

In the following section, we would like to explain these technologies and the providers used for this purpose in more detail.

The data collected may include in particular

the IP address of the device
the date and time of access,
the identification number of a cookie,
the device identification of mobile devices
technical information about the browser and the operating system. 

However, the collected data is only stored pseudonymously, so that no direct conclusions can be drawn about the persons.

In the following descriptions of the technologies we use, you will also find information on how to object to our analysis and advertising measures by means of a so-called opt-out cookie. Alternatively, you can exercise your objection through corresponding settings on the websites Truste or Your Online Choices, which provide bundled objection options from many advertisers. Both sites allow you to deactivate all ads at once for the listed providers by means of opt-out cookies or, alternatively, to make the settings for each provider individually. Please note that after deleting all cookies in your browser or using a different browser and/or profile later, an opt-out cookie must be set again.

2.11.1 Facebook conversion and retargeting tags

For marketing purposes, our websites use so-called conversion and retargeting tags (also "Facebook pixel") of the social network Facebook, a service of Facebook Inc, 1601 Willow Road, Menlo Park, California 94025, USA ("Facebook"). We use Facebook Pixel to analyse the general use of our websites and to track the effectiveness of Facebook advertising ("conversion"). In addition, we use the Facebook pixel to play you individualised advertising messages based on your interest in our products ("retargeting"). For this purpose, Facebook processes data that the service collects via cookies and similar technologies on our websites.

The data collected in this context may be transferred by Facebook to a server in the USA for analysis and stored there. In the event that personal data is transferred to the USA, Facebook has submitted to the EU-US Privacy Shield.

If you are a Facebook member and have allowed Facebook to do so via the privacy settings of your account, Facebook may also link the information collected about your visit to us to your member account and use it for the targeted placement of Facebook ads. You can view and change the privacy settings of your Facebook profile at any time. If you are not a Facebook member, you can prevent data processing by Facebook by clicking the deactivation button for the "Facebook" provider on the TRUSTe website mentioned above. You can still prevent data processing by clicking the following button. CUSTOM OPT-OUT

If you deactivate data processing by Facebook, Facebook will only display general Facebook ads that are not selected on the basis of the information collected about you.

For more information, please see Facebook's privacy policy.

2.11.2 Google AdWords Conversion Tracking and Remarketing

Our websites use the "AdWords Conversion Tracking" and "AdWords Remarketing" services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). By means of "AdWords Conversion Tracking", we record and analyse defined customer actions (such as clicking on an advertisement, page views, downloads). We use "AdWords Remarketing" to show you individualised advertising messages for our products on partner websites of Google. Both services use cookies and similar technologies for this purpose. The data generated in this context may be transferred by Google to a server in the USA for evaluation and stored there. In the event that personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield.

If you use a Google account, Google may link your web and app browsing history to your Google account and use information from your Google account to personalise ads, depending on the settings stored in your Google account. If you do not wish this association with your Google account, it is necessary for you to log out of Google before accessing our contact page. 

As shown above, you can configure your browser to reject cookies. In addition, you can deactivate the "Personalised advertising" button in the Google settings for advertising. In this case, Google will only display general advertising that has not been selected on the basis of the information collected about you.

You can find more information on this in Google's privacy policy.

2.11.3 Webtrekk

Our website uses the services of Webtrekk GmbH ("Webtrekk"). Webtrekk GmbH is a company based in Germany, Boxhagener Straße 76-78, 10245 Berlin, which collects, stores and analyses usage data in order to serve preference-based advertising to you using cookies and similar technologies. It enables the collection, storage and analysis of usage data by Webtrekk GmbH. The collected usage data is anonymised by shortening the IP address. It is therefore not possible to draw conclusions about you as a visitor to the website, even with Webtrekk.

You can prevent the collection of your data by Webtrekk for advertising purposes as described above by deactivating the automatic saving of cookies. In addition, you have the option to object to the use of your data for advertising purposes at any time in Webtrekk's data protection information.

You can find further information in Webtrekk's privacy policy.

2.11.4 Criteo

Our website also uses the remarketing technology of Criteo GmbH, Unterer Anger 3, 80331 Munich ("Criteo"). Criteo uses cookies and similar technologies and thus collects the surfing behaviour of website visitors for marketing purposes in a purely anonymised form.

Criteo can thus analyse the surfing behaviour and subsequently display targeted product recommendations as suitable advertising banners when other websites are visited. Under no circumstances can the anonymised data be used to personally identify visitors to the website.

The data collected by Criteo is only used to improve the advertising offer. On each banner displayed, there is a small "i" (for information) in the bottom right-hand corner, which opens when the mouse is over and, when clicked, leads to a page on which the system is explained and an opt-out is offered. When you click on Opt-Out, an "Opt-Out" cookie is set, which prevents the display of these banners in the future.

You can find more information on this in Criteo's privacy policy, where you can also object to the anonymous analysis of your surfing behaviour.

2.12. Social Media

2.12.1 Social media plug-ins

Our website uses social media plug-ins (such as the Like button) of the social networks Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA ("Facebook") and Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA ("Twitter") as well as Google+ of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). The legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO, based on our legitimate interest that you share our content via social networks and that we thereby increase our reach. In the event that personal data is transferred to the USA, Facebook and Twitter have submitted to the EU-US Privacy Shield.

Facebook / Twitter / Google receives the information that you have accessed the corresponding sub-page of our online offer. This occurs regardless of whether you have an account with Facebook / Twitter / Google and are logged in there. If you are logged in to Facebook / Twitter / Google, this data is directly assigned to your account. If you activate the plug-in and, for example, link to the page, Facebook / Twitter / Google will also store this information, including the date and time, in your user account and share this publicly with your contacts and followers. If you do not wish this to be associated with your Facebook / Twitter / Google profile, you must log out before activating the plug-in.

Facebook / Twitter / Google stores this data as a usage profile and uses it for the purposes of advertising, market research and/or designing its website in line with requirements. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; as a Facebook / Twitter / Google member, you can deactivate advertising based on social actions, e.g. on Facebook in the advertising preferences. You can also completely prevent the loading of Facebook / Twitter / Google social media plug-ins with additional programs for your browser, e.g. with the Facebook Blocker.

You can find more information on this in the data protection information of Facebook or the data protection information of Twitter as well as in the data protection declaration of Google.



Passing on data

The data collected by us will only be passed on if:

you have given your express consent in accordance with Art. 6 Para. 1 Sentence 1 lit. a DSGVO;
the disclosure is necessary for the assertion, exercise or defence of legal claims in accordance with Art. 6 para. 1 sentence 1 lit. f DSGVO and there is no reason to assume that you have an overriding interest worthy of protection in not having your data disclosed;
we are legally obliged to disclose your data pursuant to Art. 6 para. 1 sentence 1 lit. c DSGVO; or
this is legally permissible and necessary according to Art. 6 para. 1 p. 1 lit. b DSGVO for the processing of contractual relationships with you or for the implementation of pre-contractual measures that take place at your request.

Part of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may include in particular data centres that store our website and databases, IT service providers that maintain our systems, and delivery and logistics service providers. If we pass on data to our service providers, they may only use the data to fulfil their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound to our instructions, have suitable technical and organisational measures in place to protect the rights of the data subjects and are regularly monitored by us.

3.1 Amazon Web Services

Your data is partly processed on servers provided by Amazon Web Services, a service of Amazon Web Services Inc, 410 Terry Avenue North, Seattle, Washington 98109, USA ("AWS"). AWS's servers are used to connect your device to the content on our website. The servers we use are generally located within the European Union. However, for technical reasons, parts of your data may also be processed in countries outside the European Economic Area, in particular in the USA. To ensure the protection of your data in this case as well, AWS participates in the EU-US Privacy Shield. In addition, we have concluded a special contract with AWS that meets the requirements with regard to the standard contractual clauses of the European Commission. The legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO, based on our legitimate interest to store content of our website securely and reliably by external service providers and at the same time to reduce our own effort for the provision of the IT infrastructure of our website. 

3.2 ParcelLab

When goods are shipped, the service provider parcelLab is used to handle the shipping notifications in the direction of our customers and to provide them with the shipping status and tracking number of their shipment. For this purpose, the personal data required for the shipment information (name, address, order number, etc.) are forwarded to parcelLab. You can find more information in the privacy policy of parcelLab: https://parcellab.com/datenschutz.

parcelLab GmbH
Schillerstraße 23A
D-80336 Munich

3.3 Google Tag Manager

Our website uses the Google Tag Manager, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). The Tag Manager is used to manage tracking tools and other services, so-called website tags. A tag is an element that is stored in the source code of our website, for example, in order to record specified usage data. The Google Tag Manager does not require the use of cookies. The Google Tag Manager ensures that the usage data required by our partners (cf. the data processing procedures described above) is forwarded to them. Some of the data is processed on a Google server in the USA. In the event that personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield. The legal basis is Art. 6 para. 1 lit. f DSGVO, based on our legitimate interest in integrating and managing multiple tags on our website in an uncomplicated manner. You can find more information on this in Google's information on the tag manager.

3.4 Idealo Internet GmbH

The logo of our partner idealo (idealo internet GmbH, Ritterstraße 11, 10969 Berlin) is integrated on our website. When you call up our website, the browser used on your end device automatically sends information to the idealo server. This information is temporarily stored in a so-called server log file for 7 days. The following information is collected without your intervention and stored until it is automatically deleted:

IP address of the requesting computer,
Date and time of access,
name and URL of the file accessed,
website from which access was made (referrer URL),
browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

The temporary storage of the IP address by the system is necessary to enable delivery of the website. For this purpose, the IP address must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimise the website and to ensure the security of the information technology systems. This data is not stored together with other personal data. The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f DS-GVO.

3.5 Shop provider

Processing of personal data by Shopify International Limited.

For the operation of our online shop, we use Shopify, a service of Shopify International Limited (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, "Shopify Limited"). Shopify is an e-commerce platform through which we offer our goods for sale.

When you use our online shop, Shopify Limited processes the information you provide (your name, email address, shipping and billing address, payment information, your business name if applicable, and your phone number). In addition, the IP address used, information about orders initiated by you, information about the online shops visited by you that are based on the Shopify platform and information about the device and browser used by you are processed.

The processing is carried out on our behalf in order to provide you with the online shop. The data collection is based on the legal basis of Art. 6(1)(b) and (f) DSGVO and is carried out to fulfil the contract concluded with you and because we have overriding legitimate interests in making the use of the online shop as easy and efficient as possible and in ensuring its functionality and security. We may pass on the data to our order processor Shopify in accordance with the provisions of Art. 28 DSGVO.

Insofar as the processed data is transferred to the Canadian-based Shopify Inc. (150 Elgin St., 8th Fl, Ottawa, ON K2P 1L4, Canada), the European Commission has determined in an adequacy decision pursuant to Article 45 of the GDPR that the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) provides an adequate level of data protection. You can access the adequacy decision at https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32002D0002&from=EN.

We cannot rule out the possibility that personal data may also be transmitted to Shopify (USA) Inc. based in the USA. Shopify (USA) Inc. is certified under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000TNSNAA4&status=Active).

Further information on data processing by Shopify Limited is available at https://www.shopify.com/legal/privacy. 

Integration of third-party content and services


It may happen that third-party content, for example videos from YouTube, maps from Google Maps, RSS feeds or graphics from other websites, are integrated within our website. This always requires that the providers of this content ("third-party providers") know your IP address. This is because without the IP address, they cannot send the content to your browser. The IP address is thus necessary for the display of this content. The legal basis for this data processing is Art. 6 para. 1 lit. b, f DSGVO.

We endeavour to only use content whose respective providers only use the IP address to deliver the content. However, we have no influence if the third-party providers store the IP address for statistical purposes, for example.

Online privacy policy (of the advertising partner):

We work together with the advertising partner Sovendus (Sovendus GmbH, Hermann-Veit-Str. 6, 76135 Karlsruhe). We are required by Sovendus to provide the following information:

Voucher offers from Sovendus GmbH: In order to select a voucher offer that is currently of interest to you, we transmit the hash value of your e-mail address and your IP address to Sovendus GmbH, Hermann-Veit-Str. 6, 76135 Karlsruhe (Sovendus) in pseudonymised and encrypted form (Art. 6 para. 1 f DSGVO). The pseudonymised hash value of the e-mail address is used by Sovendus to take into account a possible objection to advertising (Art. 21 para.3, Art. 6 para.1 c DSGVO). The IP address is used by Sovendus exclusively for data security purposes and is usually anonymised after seven days (Art. 6 para.1 f DSGVO). In addition, we transmit the order number, order value with currency, session ID, coupon code and timestamp to Sovendus in pseudonymised form for billing purposes (Art. 6 para.1 f DSGVO). If you are interested in a voucher offer from Sovendus, if there is no advertising objection to your e-mail address and if you click on the voucher banner displayed only in this case, we will transmit your title, name, postcode, country and your e-mail address in encrypted form to Sovendus for the preparation of the voucher (Art. 6 para.1 b, f DSGVO).

For further information on the processing of your data by Sovendus, please refer to the online data protection information at www.sovendus.de/datenschutz.



Storage period

As a matter of principle, we only store personal data for as long as is necessary to fulfil contractual or legal obligations for which we have collected the data. Thereafter, we delete the data immediately, unless we still need the data until the expiry of the statutory limitation period for evidence purposes for claims under civil law or due to statutory retention obligations.

For evidentiary purposes, we must retain contractual data for three years from the end of the year in which the business relationship with you ends. Any claims become statute-barred at this point at the earliest in accordance with the standard statutory limitation period.

Even after this, we still have to store some of your data for accounting reasons. We are obliged to do so because of legal documentation obligations that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The periods specified there for the retention of documents are two to ten years.



Your rights

You have the right to request information about the processing of your personal data by us at any time. When you request information, we will explain the data processing to you and provide you with an overview of the data stored about you.

If any data stored by us is incorrect or no longer up to date, you have the right to have this data corrected. You can also request the deletion of your data. If deletion is exceptionally not possible due to other legal provisions, the data will be blocked so that it is only available for this legal purpose.

You can also have the processing of your data restricted, for example if you believe that the data we hold is incorrect.

You also have the right to data portability, which means that we will provide you with a digital copy of the personal data you have provided to us if you request it.

To exercise your rights as described here, you can contact us at any time using the contact details above. This also applies if you wish to receive copies of guarantees demonstrating an adequate level of data protection.


In addition, you have the right to object to data processing based on Art. 6 (1) lit. e or f DSGVO. Finally, you have the right to complain to the data protection supervisory authority responsible for us. You can assert this right at a supervisory authority in the member state of your place of residence, your place of work or the place of the alleged infringement. In Berlin, where we are based, the competent supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.



Right of revocation and objection

In accordance with Article 7 (2) DSGVO, you have the right to withdraw your consent at any time. This means that we will no longer process the data based on this consent in the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Insofar as we process your data on the basis of legitimate interests pursuant to Art. 6(1)(f) DSGVO, you have the right to object to the processing of your data pursuant to Art. 21 DSGVO and to provide us with reasons which arise from your particular situation and which, in your opinion, argue for an overriding of your interests worthy of protection. If it is a matter of objecting to data processing for direct marketing purposes, you have a general right of objection, which will also be implemented by us without giving reasons. 

If you wish to make use of your right of revocation or objection, it is sufficient to send an informal message to the contact details above.

Data security

We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data from risks during data transmissions and from third parties gaining knowledge. These are adapted to the current state of the art. To secure the personal data you enter on our website, we use Transport Layer Security (TLS), which encrypts the information you enter.



Changes to the data protection declaration 

Occasionally we update this data protection declaration, for example if we adapt our website or if the legal or official requirements change.



© Hello Jack GmbH - Version: 1 / Status: May 2021