Register for free and become part of the community!
After signing up, you'll receive exclusive early access to future drops, all relevant updates, and exciting insights!
Privacy policy
Privacy Policy
1) Introduction and Contact Details of the Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about how we handle your personal data when you use our website. Personal data means all data that can be used to personally identify you.
1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:
Nick Mandel, Club de Rize, Gotzkowskystraße 1, 04179 Leipzig, Germany
Tel.: –
Email: info@clubderize.com
The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
2) Data Collection When Visiting Our Website
2.1 When you use our website purely for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to the server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:
-
Our visited website
-
Date and time at the time of access
-
Amount of data sent in bytes
-
Source/referrer from which you came to the page
-
Browser used
-
Operating system used
-
IP address used (possibly in anonymised form)
Processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. Data will not be disclosed or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.
2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognise an encrypted connection by the character string “https://” and the lock symbol in your browser line.
3) Hosting & Content Delivery Network
3.1 Shopify
For hosting our website and displaying the site content, we use the system of the following provider:
Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”)
Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada
All data collected on our website is processed on the servers of the provider. We have concluded a Data Processing Agreement (DPA) with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
For data transfers to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.
3.2 Cloudflare
We use a Content Delivery Network (CDN) of the following provider:
Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA
This service enables us to deliver large media files such as graphics, page content or scripts faster via a network of regionally distributed servers. Processing takes place to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6 (1) lit. f GDPR.
We have concluded a DPA with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.
4) Cookies
To make your visit to our website attractive and to enable the use of certain functions, we use cookies – small text files that are placed on your device. Some cookies are automatically deleted after closing the browser (so-called “session cookies”), others remain on your device for a longer period and enable the storage of page settings (so-called “persistent cookies”).
If personal data is also processed by individual cookies we use, the processing takes place either in accordance with Art. 6 (1) lit. b GDPR for the performance of a contract, in accordance with Art. 6 (1) lit. a GDPR in case of consent, or in accordance with Art. 6 (1) lit. f GDPR to protect our legitimate interests in ensuring the best possible functionality of the website and a customer-friendly and effective design of the site visit.
You can configure your browser to inform you about the setting of cookies and decide individually whether to accept them or to exclude acceptance for specific cases or in general.
Please note that if cookies are not accepted, the functionality of our website may be restricted.
5) Contact
5.1 Shopify Inbox
This website uses the live chat system of the following provider:
Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland
Processing of personal data transmitted via the chat takes place either pursuant to Art. 6 (1) lit. b GDPR, as required for contract initiation or performance, or pursuant to Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in effective customer support.
Your transmitted data will be deleted once the issue is finally clarified, provided that there are no statutory retention obligations to the contrary.
For the purpose of creating pseudonymised usage profiles using cookies, further information may be collected and evaluated. These serve statistical analysis of user behaviour for optimisation purposes but cannot be used to personally identify you.
Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada
A DPA has been concluded with the provider to ensure data protection. An adequate level of protection in Canada is ensured by an adequacy decision of the European Commission.
5.2 Other contact options
When contacting us (e.g. via contact form or email), personal data is collected only to the extent necessary for processing and responding to your request.
The legal basis for processing is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f GDPR. If your contact is aimed at concluding a contract, Art. 6 (1) lit. b GDPR applies as the additional legal basis.
6) Data Processing When Opening a Customer Account
Pursuant to Art. 6 (1) lit. b GDPR, personal data will be collected and processed to the extent necessary if you provide it to us when opening a customer account. The data required for opening the account can be found in the input form on our website.
You can delete your customer account at any time by sending a message to the controller at the address stated above. After deletion of your customer account, your data will be erased provided that all contracts concluded via it have been fully performed, there are no statutory retention obligations to the contrary, and we have no legitimate interest in continued storage.
7) Use of Customer Data for Direct Advertising
7.1 Subscription to our email newsletter
If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Any additional data is voluntary and used to address you personally. We use the so-called double opt-in procedure to ensure that you only receive newsletters after you have expressly confirmed your consent by clicking the verification link sent to the email address provided.
By activating the confirmation link, you consent to the use of your personal data pursuant to Art. 6 (1) lit. a GDPR. We store your IP address as registered by your Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace possible misuse of your email address at a later time. The data collected by us upon newsletter registration is used strictly for the intended purpose.
You can unsubscribe at any time via the link provided in the newsletter or by sending a message to the controller named at the beginning. After unsubscribing, your email address will be promptly deleted from our newsletter distribution list unless you have expressly consented to further use of your data or we reserve the right to use data beyond this scope where permitted by law and as outlined in this policy.
7.2 Cart reminders by email
If you abort your purchase with us before completing the order, you have the option to receive a one-time email reminder of the contents of your virtual shopping cart.
The only mandatory information for sending this reminder is your email address. Any additional data is voluntary and may be used to address you personally. We use the double opt-in procedure to ensure you only receive a notification after you have expressly confirmed your consent by clicking the verification link sent to the email address provided.
By activating the confirmation link, you consent pursuant to Art. 6 (1) lit. a GDPR to the use of your personal data for sending a cart reminder. We store your IP address as registered by your ISP as well as the date and time of registration to trace any possible misuse of your email address at a later time. The data collected by us for our email notification service is used strictly for the intended purpose.
You can unsubscribe from cart reminders at any time by notifying the controller named at the beginning. After unsubscribing, your email address will be promptly deleted from our distribution list for this purpose unless you have expressly consented to further use of your data or we reserve the right to use data beyond this scope where permitted by law and as outlined in this policy.
8) Data Processing for Order Fulfilment
8.1 Where necessary for contract performance for delivery and payment purposes, the personal data collected by us will be transmitted pursuant to Art. 6 (1) lit. b GDPR to the commissioned transport company and the commissioned credit institution.
If, on the basis of a corresponding contract, we owe you updates for goods with digital elements or for digital products, we will process the contact data you provided when placing your order in order to inform you personally within the scope of our statutory information obligations pursuant to Art. 6 (1) lit. c GDPR. Your contact data will be used strictly for notifications about updates owed by us and will only be processed by us to the extent necessary for the respective information.
For processing your order, we also cooperate with the following service provider(s) who support us wholly or partially in performing concluded contracts. Certain personal data will be transmitted to these service providers as set out below.
8.2 To fulfil our contractual obligations to customers, we cooperate with external shipping partners. We transmit your name and delivery address and, where required for delivery, your telephone number exclusively for the purpose of delivering the goods pursuant to Art. 6 (1) lit. b GDPR to a shipping partner selected by us.
8.3 MarketPrint
For order processing we use the following provider: MarketConsultive GmbH, Allgäuerstraße 20, 87719 Mindelheim, Germany.
Name, address and, where applicable, other personal data are transmitted pursuant to Art. 6 (1) lit. b GDPR solely for the purpose of processing the online order. Your data will only be shared to the extent actually necessary for processing the order.
8.4 Shopify Order Printer
For order processing we use the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland.
Name, address and, where applicable, other personal data are transmitted pursuant to Art. 6 (1) lit. b GDPR for the purpose of processing the online order. Data is shared only to the extent actually necessary for order processing. The provider is also used for accounting purposes. In doing so, the provider processes incoming and outgoing invoices and, where applicable, our company’s bank transactions to automatically capture invoices, match them to transactions and, based on a semi-automated process, generate the financial accounting.
Where personal data is processed in this context, processing is carried out pursuant to Art. 6 (1) lit. f GDPR based on our legitimate interest in efficient organisation and documentation of our business processes.
8.5 Use of payment service providers (payment services)
-
PayPal
One or more online payment methods from the following provider are available on this website: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg.
If you choose a payment method from this provider where you make an advance payment, the payment data you provided during the order process (including name, address, bank and card details, currency and transaction number) as well as information about your order will be transmitted to the provider pursuant to Art. 6 (1) lit. b GDPR. Transmission occurs solely for the purpose of payment processing and only to the extent necessary.
If you select a payment method where we make advance performance, you will be asked during checkout to provide certain personal data (first and last name, street, house number, postcode, city, date of birth, email address, telephone number, and, if applicable, data for an alternative means of payment).
To protect our legitimate interest in assessing your ability to pay, we forward this data to the provider for a creditworthiness check pursuant to Art. 6 (1) lit. f GDPR. The provider checks, based on the personal data you have provided and other data (e.g. shopping cart, invoice amount, order history, payment experience), whether the payment option you selected can be granted with regard to payment and/or default risks.
The credit report may contain probability values (so-called score values) which are calculated on the basis of a scientifically recognised mathematical-statistical procedure. Address data, among other factors, is included in the calculation of score values.
You can object to this processing of your data at any time by notifying us or the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.
-
PayPal Checkout
This website uses PayPal Checkout, an online payment system from PayPal consisting of PayPal’s own payment methods and local third-party payment methods.
For payment via PayPal, credit card via PayPal, direct debit via PayPal or—if offered—“Pay Later” via PayPal, we transmit your payment data for processing to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg (“PayPal”). Transmission takes place pursuant to Art. 6 (1) lit. b GDPR and only to the extent necessary for payment processing.
For credit card via PayPal, direct debit via PayPal or—if offered—“Pay Later” via PayPal, PayPal reserves the right to carry out a credit check. For this purpose, your payment data may be transmitted to credit agencies pursuant to Art. 6 (1) lit. f GDPR based on PayPal’s legitimate interest in determining your ability to pay. PayPal uses the result of the credit check regarding the statistical probability of default to decide on the provision of the respective payment method. The credit report may contain score values calculated on the basis of a scientifically recognised mathematical-statistical procedure, including address data among other factors. You can object to this processing at any time by notifying PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
If the PayPal payment method “purchase on account” is available and selected, your payment data will first be transmitted to PayPal to prepare the payment, after which PayPal forwards the data to Ratepay GmbH, Franklinstraße 28–29, 10587 Berlin (“Ratepay”) to execute the payment. The legal basis is Art. 6 (1) lit. b GDPR. In this case, Ratepay carries out an identity and credit check in its own name in accordance with the principle described above and, based on its legitimate interest in determining the ability to pay pursuant to Art. 6 (1) lit. f GDPR, transmits your payment data to credit agencies. A list of possible credit agencies used by Ratepay can be found here: https://www.ratepay.com/legal-payment-creditagencies/
When using a local third-party payment method, your payment data is first transmitted to PayPal pursuant to Art. 6 (1) lit. b GDPR to prepare the payment. Depending on the local method selected, PayPal then transmits your payment data to the respective provider pursuant to Art. 6 (1) lit. b GDPR for execution:
– Apple Pay (Apple Distribution International, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland)
– Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland)
– iDEAL (Currence Holding BV, Beethovenstraat 300, Amsterdam, Netherlands)
– Bancontact (Bancontact Payconiq Company, Rue d’Arlon 82, 1040 Brussels, Belgium)
– BLIK (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
– eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria)
– MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)
– Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)
Further privacy information can be found in PayPal’s Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
-
Shopify Payments
One or more online payment methods from the following provider are available on this website: Shopify International Limited, Victoria Buildings, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland.
If you choose a payment method by which you make an advance payment (e.g. credit card payment), the payment data you provided during the order process (including name, address, bank and card details, currency and transaction number) as well as information about your order will be transmitted to the provider pursuant to Art. 6 (1) lit. b GDPR. Transmission occurs solely for the purpose of payment processing and only to the extent necessary.
9) Web Analytics Services
Google Analytics 4
This website uses Google Analytics 4, a web analytics service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which enables analysis of your use of our website.
By default, no cookies are used by Google Analytics 4 when visiting the website unless you explicitly consent to cookies. Instead, information about your usage behaviour is collected and processed via so-called “pings” (small data packets sent to a device’s host). This information also includes your IP address, which, however, is truncated by Google by the last digits to exclude direct personal reference.
The information is transmitted to Google servers and further processed there. Transfers to Google LLC in the USA are also possible.
Google uses the information collected on our behalf to evaluate your use of the website, compile reports on website activity for us and provide other services related to website and internet usage. The IP address transmitted by your browser and truncated within the scope of Google Analytics will not be merged with other Google data. Data collected via Google Analytics 4 will be stored for two months and then deleted.
All processing described above—including data transmission via “pings” and the possible setting of Google Analytics cookies—only takes place if you have given us your express consent pursuant to Art. 6 (1) lit. a GDPR.
Without your consent, Google Analytics 4 will not be used during your visit. You may withdraw consent at any time with effect for the future by deactivating this service via the “cookie consent tool” provided on the website.
We have concluded a Data Processing Agreement with Google that ensures protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.
Further legal information on Google Analytics 4 can be found at:
https://business.safety.google/intl/de/privacy/
https://policies.google.com/privacy?hl=de&gl=de
https://policies.google.com/technologies/partner-sites
Demographic features
Google Analytics 4 uses the special “demographic features” function and can create statistics on the age, gender and interests of website visitors. This is done by analysing advertising and information from third-party providers. This helps identify target groups for marketing activities. The collected data cannot be assigned to any specific person and is deleted after two months.
Google Signals
As an extension to Google Analytics 4, Google Signals may be used on this website to create cross-device reports. If you have activated personalised ads and linked your devices to your Google account, Google may—subject to your consent to Google Analytics under Art. 6 (1) lit. a GDPR—analyse your usage behaviour across devices and create database models, including cross-device conversions. We do not receive personal data from Google, only statistics. If you wish to stop cross-device analysis, you can deactivate “Personalised advertising” in your Google account settings: https://support.google.com/ads/answer/2662922?hl=de
Further information on Google Signals: https://support.google.com/analytics/answer/7532985?hl=de
User IDs
As an extension to Google Analytics 4, the “User IDs” function may be used on this website. If you have consented to the use of Google Analytics 4 under Art. 6 (1) lit. a GDPR, created an account on this website and log in to this account on different devices, your activities, including conversions, can be analysed across devices.
For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.
10) Site Functionality
-
Access measurements by Linotype
This site uses access count measurement from Linotype, a service of Monotype Imaging Holdings Inc., 600 Unicorn Park Drive, Woburn, MA 01801, USA, to quantitatively calculate accesses to fonts licensed to us.
Because Monotype’s remuneration claim for providing the fonts is calculated based on the individual access volume of the website, the user’s IP address is captured upon page view via a tracking code and transmitted to this website’s server host for counting. Monotype itself does not at any time collect, store or transmit the IP address or other personal data of users.
This processing takes place pursuant to Art. 6 (1) lit. f GDPR on the basis of Monotype’s legitimate interest in determining access figures to correctly calculate its remuneration claim.
11) Rights of the Data Subject
11.1 Under applicable data protection law, you have the following rights vis-à-vis the controller regarding the processing of your personal data (rights of access and intervention). The legal basis for exercising each right is indicated:
-
Right of access pursuant to Art. 15 GDPR;
-
Right to rectification pursuant to Art. 16 GDPR;
-
Right to erasure pursuant to Art. 17 GDPR;
-
Right to restriction of processing pursuant to Art. 18 GDPR;
-
Right to notification pursuant to Art. 19 GDPR;
-
Right to data portability pursuant to Art. 20 GDPR;
-
Right to withdraw consent given pursuant to Art. 7 (3) GDPR;
-
Right to lodge a complaint pursuant to Art. 77 GDPR.
11.2 Right to object
IF, WITHIN THE SCOPE OF A BALANCING OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THIS PROCESSING WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING IS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
12) Duration of Storage of Personal Data
The duration of storage of personal data is determined by the respective legal basis, the purpose of processing and—where applicable—also by the respective statutory retention period (e.g. commercial and tax law retention periods).
When processing personal data on the basis of express consent pursuant to Art. 6 (1) lit. a GDPR, the data will be stored until you withdraw your consent.
If statutory retention periods exist for data that is processed within the framework of legal or quasi-legal obligations pursuant to Art. 6 (1) lit. b GDPR, this data will be routinely deleted after the retention periods have expired, provided it is no longer necessary for the performance of the contract or the initiation of a contract and/or we have no legitimate interest in continued storage.
When processing personal data on the basis of Art. 6 (1) lit. f GDPR, this data will be stored until you exercise your right to object pursuant to Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
When processing personal data for direct marketing purposes on the basis of Art. 6 (1) lit. f GDPR, this data will be stored until you exercise your right to object pursuant to Art. 21 (2) GDPR.
Unless otherwise stated in the other information in this policy regarding specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.