Privacy Policy

Responsible for data processing

Hurom Europe GmbH
Weberstraße 19
65779 Kelkheim (Taunus), Germany
Email: zenger@hurom-europe.com

Contact details of our data protection officer

Weberstraße 19
65779 Kelkheim (Taunus), Germany
Email: zenger@hurom-europe.com

Thank you for your interest in our online shop. Protecting your privacy is very important to us. Below, we will provide you with detailed information about how we handle your personal data on our website.

 

1. Access data and hosting

Every time you visit our website, we process connection data that your browser automatically transmits to enable you to visit the website. This connection data includes, in particular, your IP address, the date and time of the retrieval, the amount of data transferred and the requesting provider (access data). This connection data is evaluated solely for the purpose of enabling you to visit the website, ensuring that the site operates smoothly and improving our services. The legal basis for this processing is Art. 6 (1) (b) GDPR, insofar as the page view occurs in the course of the initiation or execution of a contract, and otherwise Art. 6 (1) (f) GDPR based on our legitimate interest in enabling website viewing and the long-term functionality and security of our systems. All access data will be deleted no later than seven days after the end of your page visit. We use Amazon Web Services to host our website.

Server log files

You can use our websites without submitting personal data. 

Every time you access our website, usage data is transmitted to us or our web host / IT service provider by your Internet browser and stored in log data (so-called server log files). This stored data includes, for example, the name of the page accessed, the date and time of access, the IP address, the amount of data transferred and the requesting provider.

The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR out of our overriding legitimate interest in ensuring the trouble-free operation of our website and improving our offer.

 

2. Data processing for contract processing and for contacting

2.1 Orders

For the purpose of contract fulfilment in accordance with Art. 6 (1) point b GDPR, we collect personal data that you voluntarily provide to us as part of your order. Mandatory fields are marked as such because we absolutely need the data in these cases to fulfil the contract and we cannot send the order without this information. The data collected can be seen from the respective input forms and include, in particular, the last name, first name, address, company, e-mail address and the time of transmission.

Further information on the processing of your data, in particular on the transfer to our service providers for the purpose of order, payment and dispatch processing, can be found in the following sections of this data protection declaration. After complete fulfilment of the contract, the further processing of your data will be restricted and the data will be deleted after expiry of the tax and commercial law retention periods, unless you have expressly consented to further use of your data in accordance with Art. 6 (1) point a GDPR or we reserve the right to use data beyond this scope, which is legally permitted and about which we inform you in this statement.

We use the ERP system Microsoft Dynamics Business Central from Microsoft Corporation and the warehouse management system from Descartes Systems (Germany) GmbH (pixi) to process our orders.

2.2 Customer account

If you decide to open a customer account, we will use the data you enter on the input forms to open a customer account and to store your data for further future orders on our website in accordance with Art. 6 (1) point b GDPR. You can delete your customer account at any time, either by sending a message to the contact option described in this data protection declaration or by using a function provided in the customer account. After deletion of your customer account, your data will be deleted, unless you have expressly consented to further use of your data in accordance with Art. 6 (1) point a GDPR or we reserve the right to use data in excess thereof, which is permitted by law and about which we inform you in this statement.

2.3 Contact

When you communicate with us via the contact form on our website or app, we process the personal data you provide as part of your inquiry, and which is necessary to answer that inquiry. To optimize our customer service, in certain specific cases, we use an AI-powered assistant provided by Neople Labs B.V., Walpoort 10, 5211 DK, 's-Hertogenbosch, Netherlands. This assistant supports both the manual and automated processing of customer inquiries. Your inquiry is automatically transferred to our support system (Zendesk). There, the integrated AI assistant analyzes the content, accesses internal data sources if needed, and suggests appropriate answers to the support team. In specific cases, the response may be fully automated.

Interactions are continuously incorporated into the further development of the AI system, improving the quality of future responses.

The processing of your data is based on Art. 6 (1) point b and f GDPR.

2.4 Proactive contact by the customer by e-mail

If you contact us by e-mail on your own initiative, we will only collect your personal data (name, e-mail address, message text) to the extent provided by you. The data processing serves to process and respond to your contact request.

If the contact serves to carry out pre-contractual measures (e.g. advice in the event of an interest in purchasing, preparation of an offer) or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.

If contact is made for other reasons, this data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you based on Art. 6 (1) (f) GDPR.

We will only use your e-mail address to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

 

3. Data processing for the purpose of delivery

In order to fulfil the contract in accordance with Art. 6 (1) point b GDPR, we will pass on your data required for delivery to the shipping service provider commissioned with the delivery. We use the service providers DHL Paket GmbH and United Parcel Service of America, Inc. for the shipment of parcels.

We may share your email address with the shipping company as part of the order fulfillment process, provided you have explicitly consented to this during the checkout procedure. This disclosure is solely for the purpose of informing you via email about the status of your shipment.

The processing is carried out based on Article 6(1)(a) of the GDPR with your consent. You may withdraw your consent at any time by notifying us or the shipping provider, without affecting the legality of the processing carried out based on the consent prior to its withdrawal.

 

4. Payment process

4.1 Data processing for payment processing

To process payments in our online shop, we offer you common payment methods such as credit card, PayPal, SEPA direct debit or invoice. Depending on the selected payment method, we pass on the data necessary for the processing of the payment transaction to our technical service providers, the commissioned credit institutions or to the selected payment service provider. The legal basis for this is the performance of the contract in accordance with Article 6(1)(b) GDPR. In some cases, the payment service providers collect the data required for the processing of the payment themselves, e.g. on their own website or via a technical integration in the ordering process. In this respect, the data protection declaration of the respective payment service provider applies.

If you have any questions about our partners for payment processing and the basis of our cooperation with them, please use the contact option provided in this data protection declaration.

4.2 Data processing for the purpose of fraud prevention and optimisation of our payment processes

Where applicable, we provide our service providers with further data, which they use together with the data necessary for processing the payment as our contract processors for the purposes of fraud prevention and optimising our payment processes (e.g. invoicing, processing of contested payments, accounting support). This serves to safeguard our legitimate interests in protecting ourselves against fraud and in managing payments efficiently, which are overriding in the context of a balancing of interests, in accordance with Art. 6 (1) point f GDPR. We use our service provider Endereco, UG to validate addresses.

4.3 Data Collection and Processing for Credit Checks

If we provide goods or services in advance—such as payment by invoice or direct debit—we reserve the right to obtain a credit report based on mathematical and statistical methods from infoscore Consumer Data GmbH, Rheinstraße 99, 76532 Baden-Baden, Germany.

For this purpose, we transmit the personal data required for the credit check to infoscore and use the information received regarding the statistical probability of payment default to make a balanced decision about the initiation, execution, or termination of the contractual relationship. The credit report may include probability values (score values) calculated using scientifically recognized mathematical-statistical methods, which may include address data.

Your legitimate interests will be considered in accordance with legal requirements. The data processing serves the purpose of assessing creditworthiness for contract initiation. Processing is carried out based on Article 6(1)(f) of the GDPR, stemming from our overriding legitimate interest in protecting against payment defaults when providing goods or services in advance.

You have the right to object at any time to the processing of your personal data based on Article 6(1)(f) GDPR for reasons arising from your particular situation. The provision of this data is necessary for concluding a contract using the payment method you selected. Failure to provide the data will result in the inability to conclude the contract using that payment method.

 

5. Advertisement by email and post

5.1 Registration for the email newsletter

If you register for our newsletter, we use the data required or separately provided by you for this purpose to regularly send you our email newsletter based on your consent in accordance with Art. 6 (1) point a GDPR. We use the so-called double opt-in procedure for this, i.e. we will only send you the newsletter by email if you confirm in our notification email by clicking on a link that you are the owner of the email address provided. You can unsubscribe from the newsletter at any time, either by sending a message to the contact option described below or by using a link provided in the newsletter for this purpose. After unsubscribing, we will delete your email address from the list of recipients, unless you have expressly consented to further use of your data in accordance with Art. 6 (1) point a GDPR or we reserve the right to further data use that is legally permitted and about which we inform you in this statement.

The email newsletter may also be sent by our service providers as part of processing on our behalf. For this purpose, we use our service provider Klaviyo. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this data protection declaration.

Furthermore, our newsletters and marketing emails may include automated content or survey invitations based on your interactions (e.g., clicks, purchase history).

This processing is carried out either on the basis of your explicit consent (Art. 6(1)(a) GDPR) or our legitimate interests (Art. 6(1)(f) GDPR).

You may object to receiving such communications at any time, free of charge, using the unsubscribe link provided or by contacting us directly.

5.2 Email newsletter without registration and your right of objection

If we receive your email address in connection with the sale of a product or service and you have not objected, we reserve the right, on the basis of Section 7 (3) of the German Unfair Competition Act (UWG) in conjunction with Article 6 (1) (f) GDPR, to regularly send you offers by email for products from our range that are similar to those you have already purchased. This serves to safeguard our legitimate interests in advertising to our customers, which are overriding in the process of balancing of interests.

You can object to this use of your email address at any time by sending a message to the contact option described in this data protection declaration or via a link provided for this purpose in the advertising email, without incurring any costs other than the transmission costs according to the basic rates.

5.3 Direct mail advertising

We use your contact details to send you information about our products by post based on our legitimate interest in accordance with Art. 6 (1) point f GDPR. For this purpose, we use our service provider Deutsche Post AG. You can object to the sending of information by post by sending a message to the contact option described below.

 

6. Cookies and other technologies

6.1 General information

We use technologies, including cookies, on various pages to make visiting our website more attractive and to enable the use of certain functions. Cookies are small text files that are automatically stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable us to recognise your browser the next time you visit (persistent cookies). These technologies are used to collect and process the IP address, time of visit, device and browser information, and information about your use of our website (e.g. information about the contents of the shopping cart).

We use technologies necessary for the operation of the website on the basis of our legitimate interest in accordance with Art. 6 (1) point f GDPR in order to provide the basic functions of our website (e.g. shopping cart function). In certain cases, these technologies may also be necessary for the fulfilment of a contract or for the implementation of pre-contractual measures; in this case, the processing is carried out in accordance with Art. 6 (1) point b GDPR. Access to and storage of information in the end device is absolutely necessary in these cases and is carried out on the basis of the implementing laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TDDDG.

All other non-essential (optional) technologies that provide additional functions are used with your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the terminal device is then carried out on the basis of the implementing laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TDDDG. Data processing using these technologies only takes place if we have received your prior consent.

To manage your cookie preferences and ensure full compliance with data protection regulations, we use the consent management platform Cookiebot by Usercentrics.

Cookiebot enables you to give or withdraw consent for specific categories of cookies and technologies at any time.

You can access and adjust your preferences at any time via the “Cookie Settings” link in the footer of our website.

6.2 Obtaining your consent

When you visit our website, a banner is generated to inform you about the data processing on our website and to give you the opportunity to consent to some or all of the data processing using optional technologies. This banner appears the first time you visit our website and when you access the selection of your settings again to change them or withdraw your consent. The banner also appears on subsequent visits to our website if you have disabled the storage of cookies or the cookies or information in local storage have been deleted or have expired. When you visit our website, your consent or withdrawals of consent, your IP address, information about your browser, your end device and the time of your visit are stored. In addition, necessary information is stored on your end device to document your consent and revocations (‘Cookie_Name’ (x years)).

The data processing is necessary to provide you with the legally required consent management and to fulfil our documentation obligations. The legal basis is Art. 6 para. 1 lit. f GDPR, justified by our interest in fulfilling the legal requirements for consent management. Access to and storage of information in the end device is absolutely necessary in these cases and is carried out on the basis of the implementing laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TDDDG.

You can find the cookie settings for your browser under the following links:

If you have consented to the use of the technologies in accordance with Art. 6 (1) point a GDPR, you can withdraw your consent at any time by adjusting the cookie settings or by sending a message to the contact option described in the privacy policy.

6.3 Use of cookies and other technologies for web analysis and advertising purposes

If you have given your consent in accordance with Art. 6 (1) point a GDPR, we use the following cookies and other third-party technologies on our website. After the purpose for and our use of the respective technology has ended, the data collected in this context will be deleted. You can revoke your consent at any time with effect for the future. You can find more information about your options for revocation in the section ‘Cookies and other technologies’. You can find more information about the individual technologies, including the basis of our cooperation with the individual providers. If you have any questions about the providers and the basis of our cooperation with them, please use the contact option described in this data protection declaration.

6.3.1. Use of Google services for web analysis and advertising purposes

We use the following technologies from Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’). The information automatically collected by Google technologies about your use of our website is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. If your IP address is collected by Google technologies, it will be shortened by activating IP anonymisation before it is stored on Google's servers. Only in exceptional cases will the full IP address be sent to a Google server and shortened there. Unless otherwise stated for the individual technologies, the data processing is carried out on the basis of an agreement concluded for the respective technology between jointly responsible parties in accordance with Art. 26 GDPR. Further information about data processing by Google can be found in Google's privacy policy.

Google Analytics

For the purpose of website analysis, data (IP address, time of visit, device and browser information, and information on your use of our website) is automatically collected and stored using Google Analytics, from which user profiles are created using pseudonyms. Cookies may be used for this purpose. Your IP address will not be merged with any other Google data. The data processing is carried out on the basis of an agreement on order processing by Google. The essential information on this can be found here.

For the purpose of optimising the marketing of our website, we have activated the data sharing settings for ‘Google products and services’. This allows Google to access the data collected and processed by Google Analytics and then use it to improve Google services. The data sharing with Google as part of these data sharing settings is based on an additional agreement between the controllers. We have no influence on the subsequent data processing by Google.

We use the so-called user ID function to optimise the marketing of our website. This function allows us to assign a unique, permanent ID to your interaction data from one or more sessions on our online presences and thus analyse your user behaviour across devices and sessions.

For web analysis and advertising purposes, the extension function of Google Analytics, the so-called DoubleClick cookie, enables your browser to be recognised when you visit other websites. Google will use this information for the purpose of compiling reports on website activity and providing other services relating to website activity and internet usage.

Google Ads

For advertising purposes in Google search results and on third-party websites, the Google Remarketing cookie is set when you visit our website. This cookie automatically enables interest-based advertising by collecting and processing data (IP address, time of visit, device and browser information, and information about your use of our website) and by means of a pseudonymous cookie ID and based on the pages you visit. Any further data processing will only take place if you have activated the ‘personalised advertising’ setting in your Google account. If you are logged into Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing.

For website analysis and event tracking, we use Google Ads Conversion Tracking to measure your subsequent usage behaviour when you have reached our website via a Google Ads advertisement. For this purpose, cookies may be used and data (IP address, time of visit, device and browser information, as well as information on your use of our website based on events specified by us, such as visiting a website or registering for a newsletter) may be collected, from which user profiles are created using pseudonyms.

Google Fonts

To ensure that content is displayed consistently on our website, the script code ‘Google Fonts’ collects data (IP address, time of visit, device and browser information), transmits it to Google and then processes it. We have no influence on this subsequent data processing.

YouTube video plugin

We integrate third-party content using the YouTube video plugin in advanced data protection mode. Data (IP address, time of visit, device and browser information) is collected via the plugin, transmitted to Google and then processed by Google only if you play a video.

Google reCAPTCHA

For the purpose of protecting against misuse of our web forms and against spam by automated software (so-called bots), Google reCAPTCHA collects data (IP address, time of visit, browser information and information on your use of our website) and uses JavaScript and cookies to analyse your use of our website. In addition, other cookies stored by Google services in your browser are evaluated. Personal data from the input fields of the respective form is not read or stored.

6.3.2. Use of Hotjar services for web analysis and advertising purposes

We use the web analytics service Hotjar provided by Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta, to better understand user behavior and improve the usability of our website.

Hotjar enables us to record user interactions such as mouse movements, clicks, scroll behavior, and keystrokes on selected pages. This information is anonymized and does not allow us to identify individual users.

The use of Hotjar is based on your consent in accordance with Art. 6 (1) point a GDPR. You can revoke your consent at any time with effect for the future. For more information about Hotjar’s data processing, please refer to Hotjar’s privacy policy.

 

7. Storage period

In principle, we only store personal data for as long as is necessary to fulfil the purposes for which we have collected the data. After that, we delete the data immediately, unless we still need the data until the expiry of the statutory limitation period for evidence purposes for civil claims, due to statutory retention obligations or if there is another data protection legal basis for the continued processing of your data in a specific individual case.

In particular, we are required to store contractual data for three years from the end of the year in which our business relationship with you ends. Any claims become time-barred at the earliest at this point in time in accordance with the statutory limitation period.

Even after that, we still have to store some of your data for accounting reasons. We are obliged to do so due to legal documentation requirements that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The periods for storing documents specified there are between two and ten years.

 

8. Requirements for the transfer of personal data to third countries

As part of the processing described above, your personal data may be transferred or disclosed to third parties located in so-called third countries, i.e. outside the European Union or the European Economic Area (EEA). Such processing is carried out in accordance with the requirements of Art. 44 et seq. GDPR. We have already informed you about the respective details of the transfer at the relevant points.

Some third countries to which personal data may be transferred may not have a consistently high level of data protection due to a lack of legal provisions. Where this is the case, we ensure that data protection is sufficiently guaranteed. This is possible through binding corporate rules, standard contractual clauses of the European Commission for the protection of personal data in accordance with Art. 46 (1), (2) lit. c GDPR, certificates or recognised codes of conduct. The 2021 standard contractual clauses are available here. Where this is not possible, we base the data transfer on exceptions under Art. 49 GDPR, in particular your express consent or the necessity of the transfer for the fulfilment of a contract or for the implementation of pre-contractual measures.

The European Commission certifies a level of data protection comparable to the EEA standard for some third countries by means of so-called adequacy decisions (a list of these countries, which also includes the USA, and a copy of the adequacy decisions can be found here). Please contact our data protection officer if you would like more information on this.