Free shipping within Germany and the EU

Privacy policy


General notes

The following information provides a simple overview of what happens to your data when you visit our website. Personal data are all data with which one can be personally identified. Detailed information on the subject of data protection can be found in the following data protection declaration.

Data collection on the Ava & Su website
Who is responsible for data collection on this website?
The data processing on this website is carried out by the website operator. His contact details can be found in the imprint of this website.

How do we collect personal data?
On the one hand, personal data is collected when it is communicatedto us. For example, by entering your data in the contact form.Other data is automatically collected by our IT system when you visit the website. These are mainly technical data (e.g. Internet browser, operating system or time of the web page call). These data are automatically collected as soon as you enter our website.

What is personal data used for?
Part of the data is collected to ensure that the website is provided without errors. Other data can be used to analyse user behaviour.

What rights exist concerning my data?
There is always the right to receive information free of charge about the origin, recipient and purpose of your own stored personal data. Also, there is the right to have this data corrected, blocked or deleted. If you have any questions regarding data protection, you can contact us at any time at the address given in the imprint. Furthermore, the right of complaint to the responsible supervisory authority can also be exercised.Under certain circumstances, there is the right to demand the restriction of the processing of own personal data. Further details can be found in the privacy policy under "Right to limit processing".

Analysis tools and third-party tools
When visiting our website, the surfing behaviouris statistically evaluated. This is mainly done with cookies and with so-called analysis programs. The analysis of the surfing behaviour is usually anonymous; the surfing behaviour cannot be traced back to individuals.This analysis can be contradicted orprevented by not using certain tools. Detailed information on these tools and the possibilities of objection can be found in the following data protection declaration.

GENERAL NOTES & MANDATORY INFORMATION

Data protection

We take the protection of our data very seriously. We treat personal data confidentially and following the legal data protection regulations and this data protection declaration.When this website is used, various personal data is collected. Personal data is data with which one can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done. We would like to point out that data transmission on the Internet (e.g. communication by e-mail)can have security gaps. A complete protection of data against access by third parties is not possible.

Note on the responsible body
The person responsible for data processing on this website is:

Regina Bauer

Rosengasse 10

91788 Pappenheim

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.)

Revocation of consent to data processing
Many data processing operations are only possible with the explicit consent of the data subject. Consent already given can be revoked at any time. For this purpose, an informal notification by e-mail to us is sufficient. The legality of the data processing carried out up to the time of revocation remains unaffected by the revocation.

Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)
If the data processing is carried out based on Art. 6 para. 1 lit. e or f DPA, you have the right to object to the processing of your data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this Data Protection Declaration. If you object, we will no longer process your data unless we can demonstrate compelling legitimate reasons for processing which outweigh your interests, rights and freedoms or if the processing serves to assert, exercise or defendlegal claims (objection according to Art. 21 para. 1 GDPR).If your data are processed for direct marketing, you have the right to object at any time to the processing of personal data concerning you for such marketing, including profiling, insofar as it is connected with such direct marketing. If you object, your data will subsequently no longer be used for direct advertising (objection under Art. 21 para. 2 DPA).

Right of appeal to the competent supervisory authority
In the event of infringements of the GDPR, those concerned have a right of appeal to a supervisoryauthority, in particular in the Member State of their habitual residence, place of work or the place where the alleged infringement was committed. This right of appeal is without prejudice to other administrative or judicial remedies.

Right to data portability
One has the right to have data that we process automatically based on consent or in fulfilmentof a contract handed over to the person concerned or a third party in a common, machine-readable format. If the direct transfer of the data to another responsible party is requested, this will only be done to the extent that it is technically feasible.

SSL or TLS Encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. An encrypted connection is recognized by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in the own browser line. 11If SSL or TLS encryption is activated, the data transmitted to us cannot be read by third parties.

Encrypted payment transactions on this website
If there is an obligation to provide us with payment data (e.g. account number for direct debit authorisation) after the conclusion of a contract with costs, this data is required for payment processing.The payment transactions via the usual means of payment (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. An encrypted connection is recognized by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in its browser line.With encrypted communication, payment data transmitted to us cannot be read by third parties.

Information, blocking, deletion and correction
Within the framework of the applicable legal provisions, the right to free information about one's own stored personal data, its origin and recipients and the purpose of the data processing and, if applicable, a right to correction, blocking or deletion of this data can be obtained at any time. For this purpose, as well as for further questions regarding personal data, you can contact us at any time at the address given in the imprint.

Right to limitation of processing
You have the right to demand the restriction of the processing of your data. For this purpose you can contact us at any time at the address given in the imprint. The right to restrict processing exists in the following cases:

  • If the correctness of the personal data stored with us is disputed, we usually need time to verify this. For the duration of the review, we have the rightto demand the restriction of the processing of our data.
  • If the processing of own personal data is/have been unlawful, the restriction of data processing can be demanded instead of deletion.
  • If we no longer need personal data, but the person concernedneeds it to exercise, defend or assert legal claims, the right exists to demand the restriction of the processing of own personal data instead of deletion.
  • If an objection is submitted following Art. 21 Para. 1 GDPR, a balance must be struck between ourinterests and those of the data subject. As long as it is not yet clear whose interests prevail, the right exists to demand that the processing of our data be restricted.
  • If the processing of our data is restricted, these data -apart from their storage-may only be processed with our consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or reasons of an important public interest of the European Union or a member state.

Objection to advertising e-mails
The use of contact data published within the scope of the imprint obligation for the transmission of not expressly requested advertising and information material is hereby contradicted. We expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example through spam e-mails.

DATA COLLECTION ON THE WEBSITE

Cookies
The Internet pages partly use so-called cookies. Cookies do not cause any damage on your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, more effective and safer. Cookies are small text files that are stored on yourcomputer and saved by the browser. Most of the cookies we use are so-called "session cookies". They are automatically deleted after the end of the respective website visit. Other cookies remain stored on the respective end device until they are deleted. These cookies enable us to recognize the user's browser on the next visit. You can set the browser to inform you when cookies are set and to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, and toactivate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be limited. Cookies that are required to carry out the electronic communication process or to provide certain functions desired by the user (e.g. shopping basket function) are stored based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the storage of cookies for the technically error-free and optimised provision of our services. Insofar as other cookies are stored (e.g. cookies for analysing your surfing behaviour), these are treated separately in this data protection declaration.

Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which the user's browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources.These data are recorded based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the technically error-free presentation and optimisation of our website -for this purpose the server log files must be recorded.

Contact form
If we receive enquiries via the contact form, information from the enquiry form, including the contact data provided by the user there, will be stored by us to process the enquiry and in the event of follow-up questions. We will not pass on this data without your express consent.The processing of the data entered in the contact form is therefore exclusively based on the user's consent (Art. 6 para. 1 lit. a GDPR). This consent can be revoked at any time. For this purpose, an informal notification by e-mail to us is sufficient. The legality of the data processing operations carried out up to the point of revocation shall remain unaffected by the revocation.The data entered by the user in the contact form will remain with us until we are requested to delete it, until consent for storage is revoked or until the purpose for which the data is stored no longer applies (e.g. after your request has been processed). Mandatory legal provisions -in particular retention periods -remain unaffected.

Inquiry by e-mail, telephone or fax
If we are contacted by e-mail, telephone or fax, every inquiry including all personal data (name, inquiry) resulting from it will be stored and processed by us to process the request. We will not pass on this data without the express consent of theuser.The processing of this data is carried out based on Art. 6 para. 1 lit. b GDPR, insofar as the enquiry is connected with the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on the consent of the user (Art. 6 para. 1 lit. a GDPR) and/or on our legitimate interests (Art. 6 para. 1 lit. f GDPR), as we have a legitimate interest in the effective processing of the requests addressed to us.The data sent to us by the user via contact enquiries will remain with us until we are requested to delete it, consent to store it is revoked or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions -in particular legal retention periods -remain unaffected.

Registration on this website
Users can register on our website to use additional features on the site. We use the data entered for this purpose only to use the respective offer or service for which the user has registered. The mandatory data requested during registration must be provided in full. Otherwise we will refuse the registration.For important changes, such as changes to the scope of the offer or technically necessary changes, we will use the e-mail addressentered during registration to inform the user in this way.The processing of the data entered during registration is based on your consent (Art. 6 para. 1 lit. a GDPR). The user may revoke any consent given by himselfat any time. For this purpose an informal notification by e-mail to us is sufficient. The legality of the data processing already carried out remains unaffected by the revocation.The data collected during registration is stored by us for as long as the user is registered on our website and is then deleted. Legal retention periods remain unaffected.

Processing of data (customer and contract data)
We collect, process and use personal data only to the extent that they are necessary for the establishment, content or modification of the legal relationship (inventory data). This is done based on Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. We collect, process and use personal data on the use of our Internet pages (usage data) only to the extent necessary to enable the user to use the service or to invoice the user.The collected customer data is deleted after completion of the order or termination of the business relationship. Legalretention periods remain unaffected.

Data transmission upon conclusion of contract for online shops, dealers and dispatch of goods
We only transfer personal data to third parties if this is necessary for the execution of the contract, for example to the companies entrusted with the delivery of the goods or the credit institution commissioned with the handling of payments. A further transmission of the data is not carried out or only if the user has expressly agreed to the transmission. Personal data will not be passed on to third parties without express consent, for example for advertising purposes.The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

Data transmission upon conclusion of a contract for services and digital content
We only transfer personal data to third parties if this is necessary within the framework of the contract, for example to the credit institution commissioned with the handling of payments.A further transmission of the data does not take place or only if the user has expressly agreed to the transmission. Personal data will not be passed on to third parties without express consent, for example for advertising purposes.The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

APPEARANCE ON SOCIAL MEDIA

Data processing through social networks
We maintain publicly accessible profiles in social networks. The individual social networks we use are listed below. Social networks such as Facebook, Google+, etc. can usually comprehensively analyze user behavior when the user visits their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media sites triggers numerous data protection-relevant processing operations. 14In detail: If the user logs in with his social media account and visits our social media presence,the operator of the social media portal can assign this visit to his user account. Personal data may also be collected if the user is not logged in or does not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies that are stored on the user's terminal device or by recording the user's IP address.With the help of the data thus collected, the operators of the social media portals can create user profiles in which the user's preferences and interests are stored. In this way, interest-related advertising can be displayed to the user within and outside the respective social media presence. If the user has an account with the respective social network, interest-based advertising can be displayed on all devices on which the user is or was logged in.It should also be noted that we are not able to track all processing on the social media portals. Depending on the provider, further processing may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.

Legal basis
Our social media appearances are designed to ensure the most comprehensive presence possible on the Internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).

Responsibility and assertion of rights
If the user visits one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. The user can assert his rights (information, correction, deletion, restriction of processing, data transferability and complaints) both against us and against the operator of the respective social media portal (e.g. against Facebook).It should be noted that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing procedures of the social media portals. Our possibilities depend largely on the corporate policy of the respective provider.

Storage period
The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for storing it no longer applies, the user requests us to delete it, revokes his consent to storage or the purpose for storing the data no longer applies. Stored cookies remain on his terminal device until he deletes them. Mandatory legal provisions -in particular retention periods -remain unaffected.We do not influence on the storage period of his data, which is stored by the operators of the social networks for their purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Social networks in detail
Facebook
We have a profile on Facebook. The provider is Facebook Inc, 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified according to the EU-US Privacy Shield.We have a joint processing agreement (Controller Addendum) with Facebook. This agreement defines the data processing operations for which we or Facebook are responsible when the user visits our Facebookpage. This agreement can be viewed at https://www.facebook.com/legal/terms/page_controller_addendum.User advertising settings can be adjusted independently in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.Details can be found in the Facebook Privacy Policy: https://www.facebook.com/about/privacy/.

Instagram
We have a profile with Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. Details of how they handle personal information can be found in Instagram's privacy policy: https://help.instagram.com/519522125107875.

NEWSLETTER

If the user would like to receive the newsletter offered on the website, we require an e-mail address from the user as well as information that allows us to verify that the user is the owner of the e-mail address provided and agrees to receive the newsletter. Further data is not collected or only collected voluntarily. We use these data exclusively for sending the requested information and do not pass them on to third parties. The processing of the data entered in the newsletter registration form is exclusively based on his consent (Art. 6 para. 1 lit. a GDPR). The consent given for the storage of the data, the e-mail address and its use for sending the newsletter can be revoked at any time, e.g. via the "unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation. The data provided by the user to subscribe to the newsletter will be stored by us until the user is unsubscribed from the newsletter and deleted after the newsletter has been cancelled. Data stored by us for other purposes remain unaffected.

MailChimp
This website uses the services of MailChimp for sending newsletters. Provider is the Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.MailChimp is a service that can be used to organize and analyze the sending of newsletters. If the user enters data to receive the newsletter (e.g. e-mail address), this data is stored on the servers of MailChimp in the USA.MailChimp has a certificationaccording to the "EU-US-Privacy-Shield". The "Privacy-Shield" is an agreement between the European Union (EU) and the USA, which is intended to ensure compliance with European data protection standards in the USA.With the help of MailChimp we can analyseour newsletter campaigns. When the user opens an e-mail sent with MailChimp, a file contained in the e-mail (so-called web-beacon) connects to the servers of MailChimp in the USA. This way it can be determined whether a newsletter message has been opened and which links have been clicked on, if any. Technical information is also collected (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.If the user does not wish to receive analysis by MailChimp, he/she must unsubscribe from the newsletter. For this purpose we provide a corresponding link in every newsletter message. Furthermore the user can unsubscribe the newsletter directly on the website.The data processing is based on the consent of the user (Art. 6 para. 1 lit. a GDPR). The user can revoke this consent at any time by cancelling the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.The data provided by the user to subscribe to the newsletter will be stored by us until the user is unsubscribed from the newsletter and will be deleted from our servers as well as from the servers of MailChimp after the cancellation of the newsletter. Data that has been stored for other purposes remains unaffected.Further details can be found in the privacy policy of MailChimp under the following link: https://mailchimp.com/legal/terms/.

Conclusion of a Data-Processing-Agreement
We have concluded a so-called "Data-Processing-Agreement" with MailChimp, in which we commit MailChimpto protect the data of our customers and not to pass them on to third parties.

PAYMENT PROVIDERS AND RESELLERS

PayPal
On our website we offer payment via PayPal among other things. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). 16If you choose to pay via PayPal, the payment data entered by the user will be transmitted to PayPal.The transmission of data to PayPal is based on Art. 6 para. 1 lit. a GDPR(consent)and Art. 6 para. 1 lit. b GDPR(processing for the performance of a contract). The user can revoke his consent to data processing at any time. A revocation does not affect the effectiveness of data processing operations carried out in the past.

GENDER-SPECIFIC FORMULATION

For reasons of readability, no gender-specific formulations are used on the website. Insofar as personal designations are only given in masculine form, they naturally refer to men and women in the same way.