Data Privacy Policy of Steinbild Schweiz GmbH

With this privacy policy, Steinbild Schweiz GmbH (hereinafter "Steinbild") informs you which personal data we process in connection with our activities and operations. In particular, we provide information on why, how and where we process personal data, how long the personal data is stored and whether personal data is passed on to third parties in Switzerland and abroad. We also inform you about your rights when your personal data is processed.

We are subject to Swiss data protection law as well as any applicable foreign data protection law, in particular that of the European Union (EU) with the General Data Protection Regulation (GDPR).

1. Contact address

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

STEINBILD SCHWEIZ GMBH
Jöchlerweg 4
6340 Baar
Switzerland
info@steinbild-collection.com

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

Data protection officer

We have appointed the following data protection officers for our company.

Steinbild Schweiz GmbH
Dominic Rüdlinger
Jöchlerweg 4
6340 Baar
Switzerland
info@steinbild-collection.com

We would like to point out if there are other controllers for the processing of personal data in individual cases.

Data protection representation in the European Economic Area (EEA)

We have the following data protection representation in accordance with Art. 27 GDPR. The data protection representative serves as an additional point of contact for supervisory authorities and data subjects in the European Union (EU) and the rest of the European Economic Area (EEA) for enquiries in connection with the General Data Protection Regulation (GDPR):

Steinbild GmbH
Schwabenstraße 4
87766 Memmingerberg

Persons authorised to represent the company:

Maximilian Gegler (Managing Director)
E-mail address:
info@steinbild-collection.com

2. Terms and legal bases

2.1 Terms

Personal data is any information relating to an identified or identifiable natural person. A data subject is a natural person about whom personal data is processed.

Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, collection, erasure, storage, archiving, modification, destruction and use of personal data.

The European Economic Area (EEA) comprises the member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data.

2.2 Legal basis

We process data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (FADP – in German DSG) and the Ordinance to the Federal Act on Data Protection. According to the FADP, the processing of personal data is only permitted if it is obtained for a specific purpose that is recognizable to the data subjects and is only processed in a way that is compatible with this purpose (see Art. 6 para. 3 FADP). Explicit consent is required for the processing of particularly sensitive personal data, for high-risk profiling by a private individual or for profiling by a federal body (see Art. 6 para. 7 FADP). The purpose of the processing is always stated in our privacy policy and, if necessary, we always obtain the express consent of the data subjects.

If and insofar as the General Data Protection Regulation (GDPR) is applicable, we process personal data in accordance with at least one of the following legal bases:

Art. 6 para. 1 lit. a GDPR for the processing of personal data with the consent of the data subject.
Art. 6 para. 1 lit. b GDPR for the necessary processing of personal data for the fulfilment of a contract with the data subject and for the implementation of pre-contractual measures.
Art. 6 para. 1 lit. c GDPR for the necessary processing of personal data to fulfil a legal obligation to which we are subject in accordance with any applicable law of member states in the European Economic Area (EEA).
Art. 6 para. 1 lit. d GDPR for the necessary processing of personal data in order to protect the vital interests of the data subject or another natural person.
Art. 6 para. 1 lit. e GDPR for the necessary processing of personal data for the performance of a task carried out in the public interest.
Art. 6 para. 1 lit. f GDPR for the necessary processing of personal data in order to protect the legitimate interests of us or third parties, unless the fundamental freedoms and rights and interests of the data subject prevail. Legitimate interests are, in particular, our interest in being able to carry out our activities and operations in a permanent, user-friendly, secure and reliable manner and to communicate about them, to ensure information security, to protect against misuse, to enforce our own legal claims and to comply with Swiss law.

3. Personal data (type, scope, purpose and duration)

We process the personal data that is required to carry out our activities and operations in a permanent, user-friendly, secure and reliable manner. Such personal data may fall into the categories of inventory and contact data, browser and device data, content data, meta or marginal data and usage data, location data, sales data as well as contract and payment data.

The personal data we collect will only be stored for as long as is necessary to fulfil the respective purpose. Under certain circumstances, legal requirements or other obligations may lead to longer storage. Personal data that no longer needs to be processed will be anonymized or deleted.

We may have personal data processed by third parties. We may also process personal data jointly with third parties or transfer it to third parties. Such third parties are, in particular, specialized providers whose services we use.

In principle, we only process personal data with the consent of the data subject, unless the processing is permitted for other legal reasons, for example to fulfil a contract between the data subject and the controller or for corresponding pre-contractual measures to protect our overriding legitimate interests, because the processing is evident from the circumstances or takes place after prior information.

In particular, we process information that a data subject has voluntarily and personally provided to us when contacting us - for example by post, e-mail or telephone. We process this information only to the extent necessary to fulfil the purpose of the processing or to complete the order. If mandatory fields are marked when completing forms, these are necessary for the fulfilment of your request. If we receive data about other persons, the transmitting persons are obliged to guarantee data protection for such persons and to ensure the accuracy of such personal data.

4. Use of the website

When using our website, personal data may be processed through the following functions and modes of operation:

4.1 Newsletter

If you subscribe to a newsletter on our website, your e-mail address must be recorded. Optionally, a salutation and first and last names are also recorded. As soon as you are no longer registered for our newsletter, this data will be deleted immediately.

We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect in the course of our activities and operations, if and to the extent that such processing is permitted by law.

4.2 Cookies

Cookies can be used on the website to enable certain functions and to make visiting the website more attractive for users. Cookies do not damage your computer and do not contain viruses. Cookies are small text files that are stored on your computer. Most of the cookies used are deleted from your hard drive at the end of the browser session (so-called session cookies). Other cookies remain on your computer and enable you to be recognized the next time you visit our website (persistent cookies).

You can prevent the storage of cookies in your browser by restricting or switching off the storage and reading of cookies. Please note that you will not be able to use certain functions of the website properly without cookies.

Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimised provision of its services. Insofar as other cookies (e.g. cookies for analysing your surfing behaviour) are stored, these are treated separately in this privacy policy.

4.3 Server log files

When you access our website, we may collect the following information, provided that it is transmitted by your browser to our server infrastructure or can be determined by our web server:

Date and time including time zone;
Internet Protocol (IP) address;
Access status (HTTP status code);
Operating system including user interface and version;
Browser including language and version;
the individual sub-pages of our website accessed, including the data volumes transferred;
The last website accessed in the same browser window (referrer).

We store such information, which can also be qualified as personal data, as server log files. The information is required to provide our website in a permanent, user-friendly and reliable manner and to ensure data security and thus in particular the protection of personal data - also by third parties or with the help of third parties.

The basis for data processing is Art. 6 para. 1 lit. f GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. The purpose of this processing is to ensure the smooth functioning of our website (cf. Art. 6 para. 3 GDPR).

4.4 Tracking pixel

We may use tracking pixels on our website. Tracking pixels are also known as web beacons. Tracking pixels - including those from third parties whose services we use - are small, usually invisible images that are automatically retrieved when you visit our website. Tracking pixels can be used to collect the same information as server log files.

4.5 Online forms

If you send us enquiries via the form, your details from the form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.

Storage duration

We will retain the data you provide on the form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions - in particular retention periods - remain unaffected.

Legal basis

The data entered in the form is therefore processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. All you need to do is send us an informal email. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation. Furthermore, the purpose of this data processing is to ensure the smooth functioning of this website and to respond to your requests from the online forms (cf. Art. 6 para. 3 GDPR).

4.6 Subscriptions

Steinbild can conclude subscriptions with its customers. The data collected for this purpose is only concluded with the logistics companies and any suppliers for the fulfilment of the contract (see Art. 6 para. 3 FADP).

4.7 Processing of data (customer and contract data)

We collect, process and use personal data only insofar as it is necessary for the establishment, content or amendment of the legal relationship (inventory data). This is done on the basis of Art. 6 para. 3 GDPR and Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. We collect, process and use personal data about the use of our website (usage data) only insofar as this is necessary to enable the user to utilise the service or to bill the user.
The customer data collected will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

Data transmission upon conclusion of a contract for online shops, retailers and dispatch of goods

We only transfer personal data to third parties if this is necessary in the context of contract processing, for example to the companies entrusted with the delivery of the goods or the credit institution commissioned with payment processing. Any further transmission of data will not take place or will only take place if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.
The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. Furthermore, the purpose of this data processing is the fulfilment of our contractual obligations with you (see Art. 6 para. 3 FADP).

Data transmission upon conclusion of a contract for services and digital content

We only transfer personal data to third parties if this is necessary in the context of contract processing, for example to the credit institution responsible for processing payments.
Further transmission of the data will not take place or will only take place if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.
The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. The purpose of this data processing is to enable the fulfilment of the contract with you (cf. Art. 6 para. 3 FADP).

5. SSL/TLS encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as enquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from ""http://"" to ""https://"" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

6. Services from third-party providers

To ensure the user-friendliness, security and reliability of our website, we use plugins from third-party providers that have either helped with the design in the background or actively offer certain functions for users on the website. We only use plugins and other services from third parties if this is conducive to the user experience. We use the plugins listed below, although not all of these plugins process personal data.

6.1 Social Media Icons

We are present on social media platforms and other online platforms in order to communicate with interested parties and provide information about our activities and operations. These sites and services are offered and operated by third parties. Each of these sites has its own privacy policy.

We also use plugins from social networks such as Facebook, Instagram, Linkedin and YouTube on our website. These providers also use cookies, among other things. When using the websites and activating the plugins, user data is automatically transmitted to these companies. The data protection provisions and the general terms and conditions of business and use of the respective provider expressly apply here too. Users must be aware that data may be collected via these services and also passed on to third parties. If users simultaneously use an account of a service, the operator can assign this transmitted information directly to the respective personal account.

In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).

Steinbild has no influence on how the data is collected or used by such operators. It also has no influence on the extent to which, where and for how long the data is stored, the extent to which they fulfil any existing deletion obligations, or which evaluations and links they make with the data. Steinbild cannot recognise to whom the third-party providers pass on this data.

The legal basis for the use of social media plugins is our legitimate interest in enabling a user-friendly website and the consent of the person using it (Art. 6 para. 1 lit. a and f GDPR).

6.2 Hosting

We use third-party services in order to be able to utilise the necessary digital infrastructure in connection with our activities and operations. This includes, for example, our hosting provider.

Our website is hosted by

Maxcluster GmbH
Lise-Meitner-Strasse 1b
D-33104 Paderborn
info@maxcluster.de

By storing the data processed by us on the infrastructure of Maxcluster GmbH, we authorise Maxcluster GmbH to process the data. The data processed by Hostpoint includes the IP address, date and time, log information and error information. Hostpoint uses this data, among other things, to track and solve technical problems, to find human-induced errors, to defend against attacks on its infrastructure and to support post-mortem analyses of hacked customer websites.

The legal basis for the use of Hostpoint is our legitimate interest in enabling a functional and secure website (Art. 6 para. 1 lit. f GDPR).

6.3 Data transmission when concluding contracts for services and digital content

We only transfer personal data to third parties if this is necessary in the context of contract processing, for example to the credit institution commissioned to process payments.

Further transmission of the data will not take place or will only take place if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. The purpose of this data processing is to enable the fulfilment of the contract with you (cf. Art. 6 para. 3 FADP).

6.4 Google Analytics 4 (GA4)

This website uses functions of the web analysis service Google Analytics. The provider is Google LLC, Gordon House, Barrow St Dublin 4, Ireland.

Google Analytics uses cookies. The information generated by the cookie about your use of this website is usually transmitted to a Google server and stored there. Some Google servers are located in the United States. Google guarantees that any personal data from end devices with IP addresses from the EU will only be collected via servers and domains located in the European Union. Nevertheless, it cannot be ruled out that pseudonymized data will be transferred to Google LLC in the United States. The security of personal data - in the event of a possible transfer to such a third country - is ensured by the fact that Google LLC has concluded standard contractual clauses with the European Union. Google LLC also takes the following measures:

HSTS-encrypted data transfers for communication in Google Analytic servers
AES-256 encryption of data at rest
Internal data access processes
ISO 27001 certifications for processes and data centres
Pseudonymisation of data

Further information can be found here.

Google Analytics cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. Furthermore, the use is based on Art. 6 para. 1 lit. a GDPR, as each data subject gives their consent to the use of GA4 through the cookie banner, through which data may be transmitted to servers in third countries (Art. 49 para. 1 lit. a GDPR; Art. 46 para. 2 lit. c GDPR). The purpose of this data processing is therefore to optimize advertising for our users (Art. 6 para. 3 FADP).

IP anonymization

We have activated the IP anonymization function on this website. This means that your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to Ireland. Only in exceptional cases will the full IP address be transmitted to a Google server in Ireland and truncated there. Google will use this information on behalf of the operator of this website to analyze your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin

You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link.

Objection to data collection

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this website: You will find the link at the end of this section.

You can find more information on how Google Analytics handles user data in Google's privacy policy.

Order data processing

We have concluded a contract with Google for commissioned data processing and fully implement the strict requirements of the Liechtenstein data protection authorities when using Google Analytics.

Demographic characteristics in Google Analytics

This website uses the "demographic characteristics" function of Google Analytics. This allows reports to be created that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google and visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the section "Objection to data collection".

Google Analytics Remarketing

Our websites use the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google LLC, Gordon House, Barrow St Dublin 4, Ireland.

This function makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one end device (e.g. mobile phone) can also be displayed on another of your end devices (e.g. tablet or PC). If you have given your consent, Google will link your web and app browsing history to your Google account for this purpose. In this way, the same personalized advertising messages can be displayed on every device on which you sign in with your Google account. To support this function, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data in order to define and create target groups for cross-device advertising. You can permanently object to cross-device remarketing/targeting by deactivatingpersonalized advertising in your Google account. The aggregation of the data collected in your Google Account is based exclusively on your consent, which you can give or withdraw from Google (Art. 6 para. 1 lit. a GDPR). For data collection processes that are not merged in your Google account (e.g. because you do not have a Google account or have objected to the merging), the collection of data is based on Art. 6 para. 1 lit. f GDPR. The legitimate interest arises from the fact that the website operator has an interest in the anonymized analysis of website visitors for advertising purposes. Furthermore, the possible transfer of data to servers in the USA is justified by the fact that the data subject gives their consent to this in a cookie banner (Art. 49 para. 1 lit. a GDPR). The purpose of this data processing is therefore to optimize advertising for our users (Art. 6 para. 3 FADP). Further information and the data protection provisions can be found in Google's privacy policy.

6.5 Google Ad Sense

Google AdSense uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. Google AdSense also uses so-called web beacons (invisible graphics). These web beacons can be used to analyze information such as visitor traffic on these pages.

The information generated by cookies and web beacons about the use of this website (including your IP address) and the delivery of advertising formats is transferred to a Google server in Ireland and stored there. This information may be passed on by Google to contractual partners of Google. However, Google will not merge your IP address with other data stored by you.

You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

Legal basis

AdSense cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. The purpose of this data processing is therefore to optimize advertising for our users (Art. 6 para. 3 GDPR). Furthermore, the use is based on Art. 6 para. 1 lit. a GDPR, as each data subject gives their consent to the use of Google AdSense through the cookie banner, which may result in data being transmitted to servers in third countries (Art. 49 para. 1 lit. a GDPR; Art. 46 para. 2 lit. c GDPR).

6.6 Authorise.net

We use the Authorize.net payment system for our website. The service provider is the American company Authorize.net LLC, 900 Metro Center Blvd, Foster City, CA 94404-2172, USA. As a result, data may be transmitted to the USA. As the USA is not considered a country with sufficient data security, the plugin is only activated if the user consents.

Data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR. As the website operator, we have a legitimate interest in ensuring that our website is user-friendly and appealing. The purpose of this data processing is therefore to improve the user experience for our users (Art. 6 para. 3 GDPR). Furthermore, the use is based on Art. 6 para. 1 lit. a GDPR, as each data subject gives their consent to the use of the plugin through the cookie banner, which may transmit data to servers in third countries (Art. 49 para. 1 lit. a GDPR).

6.7 Clever Reach

We use the Cleverreacht email marketing tool on our website. It helps us to send newsletters, for example. The service is offered by CleverReach GmbH & Co KG, Schafjückenweg 2, 26180 Rastede, Germany.

When registering for the newsletter, the email address, which constitutes personal data, is also requested during the registration process. The time and date of registration and the IP address may also be recorded and forwarded to CleverReach. According to Clever Reach's own statement, the data is generally stored in German data centers and deleted when you unsubscribe from the newsletter.

6.8 Shopware

We use Shopware for our shop. Shopware is offered by Shopware AG, Ebbinghoff 10, 48624 in Germany. Germany is a country with an adequate level of data protection.

We also use the following plugins from Shopware:

Faesslich Slider: It is an extension of Shopware. We use it to improve the presentation of our website.
Fast Variant Transitions: We use this extension to switch between product variants without loading a new page. It is a plugin from Meteor as partner Shopware. We use it to improve the presentation of our website.
Store & retailer search - StoreLocator: This plugin allows our customers to search for a nearby shop or retailer. It is a plugin of Net Inventors GmbH, Agathe-Lasch-Weg 2, 22605 in Hamburg
HTML minify: With this plugin the HTML is minified, which improves the web experience for our customers. It is a plugin from FriendsofShopware as a partner of Shopware. We use it to improve the presentation of our website.
Instagram Elements | Instagram for experiences: The plugin is used to retrieve data via the Instagram API for our website visitors. It is a plugin from Studio Solid, Anja Zahraranski and Thomas Diroll, Zugspitzenweg 26, 82538 Geretsried, Germany.
OrderAmountHandler: We use this extension so that our customers can easily place their order if, for example, they have a voucher and do not have to pay anything. It is made by Net Inventors GmbH, Agathe- Lasch-Weg 2, 22605 in Hamburg.
PayPal for Shopware 6: We use this extension so that our customers can pay via PayPal. This extension was developed by Shopware AG.
Produkte info text: We use this extension so that we can also add info texts for our products. It was created by ACRIS E-Commerce GmbH, Am Pfenningberg 60, 4040 Linz in Austria via Shopware.
Robots noindex,nofollow: We use this extension to prevent search engines from crawling or indexing the shop. It was created by Weedesign, Weilheimerstrasse 55, 86935 Rott, Germany via Shopware.
SEO Redirect Plugin: We use this extension so that we can optimise the backend for SEO. It is created by Scope01 GmbH, Zeil 127, 60313 Frankfurt am Main, Germany via Shopware.
Shopware 6 security plugin: We use this extension to make our website more secure for our customers. This extension was developed by Shopware AG.
Language pack: We use this extension to display our website in several languages for our customers. This extension was created by Shopware AG.
Tiny MCE: We use this extension so that we can add smileys to our website. This extension is produced by blackpoint GmbH, Friedberger Strasse 106b, 61118 Bad Vibel, Germany via Shopware AG.
Tools Shopware: With this plugin we can manage the shop better. It is a plugin from FriendsofShopware, Schöppingen, Germany as a partner of Shopware. We use it to improve the presentation of our website.
Trusted Shops Easy Integration: We use this extension to become a "trusted shop". It is produced by Trusted Shops AG, Subbelrather Strasse 15c, 50823 Cologne, Germany via Shopware.
Mail Archive Shopware: With this plugin we can better manage the shop (in the mail section). It is a plugin from FriendsofShopware, Schöppingen, Germany as a partner of Shopware. We use it to improve the presentation of our website.
Icon Boxes Shopware: We use this extension so that our website is better designed with icon boxes and therefore more user-friendly. It is created by Code 108, Lena Lite and Victor Lite GbR, Beundstrasse 5, 73054 Eislingen in Germany.
IP targeting for sales channel, country or language: We use this extension so that we can redirect our customers to the right sales channel. It was created by ACRIS E-Commerce GmbH, Am Pfenningberg 60, 4040 Linz in Austria via Shopware.
Klarna Checkout and Klarna Payments: We use this extension so that we can also add info texts for our products. It was created by Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden.
Elysium Slider Shopware: We use this extension so that we can design our website better (through sliders). It was created by BlurCreative, Robert Bisovski, Otto-Schlag-Strasse 8, 06679 Hohenmölsen, Germany.
Custom Products Shopware: We use this extension so that we can add personalised products to our website. It is an extension from Shopware AG itself.
Convert image to WEBP format: We use this extension to convert images to WebP. It is an extension from Fishnet Services, Karsten Geyer, Am Sandtorkai 39, 20457 Hamburg in Germany.
Click & Collect - self-collection at the shop: We use this extension so that customers can select a shop for self-collection. It is made by Net Inventors GmbH, Agathe-Lasch-Weg 2, 22605 in Hamburg.
Image Gallery Premium: We use this extension so that customers can view the images as a gallery. It was created by netzperfekt, Parkstrasse 113, 24399 Arnis in Germany.
Share shopping basket: We use this extension so that customers can share the shopping basket. It is a plugin from FriendsofShopware as a partner of Shopware.
Subcategories and categories in worlds of experience: We use this extension to make it easier for customers to navigate the website, as we have categories or subcategories. It was created by Novu AG, Ottikerstrasse 14, 8006 Zurich, Switzerland.
Sorting at random (random order): We use this extension so that the products are displayed in a sorted order. It was created by SEMES Shopware Development based in Leipzig, Germany, support@semes.de.
Customer groups in registration with access code: We use this extension so that we can create registrations for customer groups and also create access codes for them. This makes the website more secure. It was created by Digitvision, Eike Brandt-Warneke, Hevener Strasse 65, 44797 Bochum in Germany.
Add voucher via URL: We use this extension so that customers can add vouchers. It was created by codeenterprise GmbH, Schornerstrasse 10, 82065 Baierbrunn in Germany.
Release category customer group: We use this extension so that we can create certain categories for certain customer groups. It was created by ACRIS E-Commerce GmbH, Am Pfenningberg 60, 4040 Linz in Austria via Shopware.
Foundation Basis Version: We use this extension so that the website can be displayed better. It was created by Moori, Jan-Philipp Georg, Salbeiweg 31, 33100 Paderborn in Germany.
Form Builder 2 | Slides Add-On: We use this extension to improve the presentation of the website. It was created by Moori, Jan-Philipp Georg, Salbeiweg 31, 33100 Paderborn in Germany.
Form Builder 2 | Classic Add-On: We use this extension so that the website can be displayed better. It was created by Moori, Jan-Philipp Georg, Salbeiweg 31, 33100 Paderborn in Germany.
Form builder 2: We use this extension so that the website can be displayed better. It was created by Moori, Jan-Philipp Georg, Salbeiweg 31, 33100 Paderborn in Germany.
Expandable areas for a world of experience: We use this extension so that the website can be displayed better. It was created by Digitalwert, Agentur für digitale Wertschöpfung GmbH, Alnaustrasse 9, 01099 Dresden in Germany.
Customisable pop-ups & notifications: We use this extension so that the website can be displayed better. It was created by Shopware AG itself.
Activities logging in the administration: We use this extension so that the backend of the loggin activities can be managed. It was created by Webpiloten, bitpiloten GmbH & Co KG, Märkische Strasse 109, 44141 Dortmund in Germany.
Integrate Facebook Pixel & Conversion API: We use this extension so that meta pixels can be integrated. It was created by media:meets GmbH, Huttropstrasse 60, 45138 Essen, Germany.
Translate order status: We use this extension so that we can translate the order status for customers. It was created by ACRIS E-Commerce GmbH, Am Pfenningberg 60, 4040 Linz in Austria via Shopware.
HTML experience element with Twig Compiler: We use this extension so that the website can be displayed better. It was created by Moori, Jan- Philipp Georg, Salbeiweg 31, 33100 Paderborn in Germany.
Google Analytics 4 – GA4 & Google Ads mit Google Tag Manager - Google Consent Mode V2: We have this extension so that we can connect our website with GA4, Google Ads and the Google Tag Manager and ultimately make our website better for our customers. It was created by D-I-S commerce engineering, Stefan Ebinger, Friedrichstrasse 37, 70174 Stuttgart, Germany.
Filter Pro - Filter as slider, category filter, search, number of products: We use this extension to make the products findable for our customers. It was created by ACRIS E-Commerce GmbH, Am Pfenningberg 60, 4040 Linz in Austria via Shopware.
Blog incl. worlds of experience: We use this extension to create our blog. It was created by H1 Webdevelopment, Marconistraat 16, 3029 AK Rotterdam, Netherlands.
Private shop - Restrict shop access/login: We use this extension so that we can create a login for our shop. It was created by Webpiloten, bitpiloten GmbH & Co KG, Märkische Strasse 109, 44141 Dortmund in Germany.
Stageware Staging: We use this extension so that we can set up test environments. It was created by ZweiPunkt GmbH, am Vogelherd 92a, 98693 Ilmenau in Germany.

Even if Shopware and the plugins come from Germany (or Austria, the Netherlands or Switzerland), it cannot be ruled out that the integration of Shopware and its extensions will nevertheless result in data being transferred to a third country. As these are not considered countries with sufficient data security, the plugins are only activated if the user consents.

6.9 Paypal

We use the online payment system Papypal on our website. It is offered by Papyal Europe S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg in Luxembourg.

Luxembourg is considered a country with an adequate level of data protection.

6.10 Klarna

We use the online payment system Klarna Checkout on our website. It was created by Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden.

Sweden is considered a country with an adequate level of data protection.

6.11 Meta Pixel

Our website uses the visitor action pixel from Meta, Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook") to measure conversions.

Meta pixels can be used to track the behavior of site visitors after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes in accordance with the Meta Data Usage Policy. This allows Meta to place adverts on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as the site operator.

You will find further information on the protection of your privacy in Meta's data protection information.

You can also deactivate the remarketing function "Custom Audiences" in the settings for adverts under . You must be logged in to Facebook to do this.

If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance.

The use of meta pixels is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. Furthermore, the use is based on Art. 6 para. 1 lit. a GDPR, as each data subject gives their consent to the use of meta pixels through the cookie banner, which may transmit data to servers in third countries (Art. 49 para. 1 lit. a GDPR). The purpose of this data processing is therefore to optimize advertising for our users (Art. 6 para. 3 GDPR)..

6.12 Google Maps

We use plugins from Google Maps on our website to embed maps. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Among other things, the plugin uses cookies, which allow data to be transferred to Google servers in the USA and stored there. As these are nonessential cookies, the services are only loaded with the consent of the website user.

The legal basis for the use of Google Maps lies in our legitimate interest in the economic operation of our online offering, an appealing presentation and easy findability of the places we indicate on the website and the consent of the person using it (Art. 6 para. 1 lit. a and f GDPR). The purpose of this data processing is to improve the presentation of our website (Art. 6 para. 3 GDPR).

Google has undertaken to guarantee appropriate data protection in accordance with the US-European and US-Swiss Privacy Shield. As this no longer meets the standard of the GDPR, Google Maps is only activated on our website with the express consent of the data subject.

It is also possible to completely deactivate the Google Maps service and prevent the transfer of data to Google by deactivating JavaScript in your browser. In this case, the map display on the website will also be deactivated.

You can find more information on the handling of user data in Google's privacy policy.

7. Personal data abroad

We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, in particular in order to process it or have it processed there. We only passively transfer personal data to third parties through the integration of plugins etc. We do not actively transfer any personal data to third parties.

We can export personal data to all countries and territories, provided that the legislation of the country concerned or the international body - in accordance with the decision of the Swiss Federal Council - guarantees adequate data protection. Data may also be exported without a decision by the Federal Council as long as appropriate data protection is guaranteed (see Art. 16 FADP):

A treaty under international law;
Data protection clauses in a contract between the controller or the client and its contractual partner that have been communicated to the FDPIC in advance;
Specific guarantees developed by the competent federal body and communicated to the FDPIC in advance;
Standard data protection clauses that the FDPIC has approved, issued or recognized in advance;
Binding internal company data protection regulations that have been approved in advance by the FDPIC or by an authority responsible for data protection in a country that guarantees adequate protection; or
The Federal Council provides for other suitable guarantees.

Data may also be exported abroad if the data subject has expressly consented to the disclosure or the disclosure is directly related to the conclusion or performance of a contract between the controller and the data subject or between the controller and its contractual partner in the interests of the data subject, or the disclosure is necessary for the protection of overriding public interests or the establishment, exercise or enforcement of legal claims before a court or other competent foreign authority. Disclosure is also permitted if it is necessary to protect the life or physical integrity of the data subject or a third party and it is not possible to obtain the data subject's consent within a reasonable period of time. In addition, the export of data abroad is permitted if the data subject has made the data generally accessible and has not expressly prohibited its processing or if the data can be found in a register provided for by law which is public or accessible to persons with an interest worthy of protection, provided that the legal requirements for access are met in the individual case (see Art. 17 FADP).

If and insofar as the General Data Protection Regulation (GDPR) is applicable, we may export data abroad as long as this country guarantees adequate data protection in accordance with the decision of the European Commission.

We may transfer personal data to countries whose laws do not guarantee adequate data protection, provided that data protection is guaranteed for other reasons, in particular on the basis of standard data protection clauses or with other suitable guarantees (Art. 46 para. 2 GDPR). Standard clauses are templates provided by the EU Commission. By using them, the provider undertakes to comply with the European level of protection when processing personal data, even if the data is transferred to a country without adequate data protection. The transfer of data may also be permitted without such guarantees. This is particularly the case if the data subject expressly consents to the proposed data transfer after having been informed of the risks involved or if the transfer is necessary for the fulfilment of a contract between the data subject and the controller or for the implementation of pre-contractual measures at the request of the data subject. Furthermore, admissibility may be given if the transfer is necessary for the conclusion or fulfilment of a contract concluded by the controller with another person in the interest of the data subject. The other grounds can be found in Art. 49 para. 1 GDPR.

8. Rights of data subjects

Data subjects whose personal data we process have the rights under Swiss data protection law and - if applicable - the General Data Protection Regulation (GDPR).

This includes the right to free information about the processing, the origin, the storage period - or if this is not possible, about the criteria for determining the duration - and the respective purpose for processing their personal data, as well as the right to rectification, erasure, restriction of data processing, data portability or blocking of the processed personal data to the extent required by law. Furthermore, data subjects have the right to information as to whether automated individual decisions have been made, as well as the logic on which the decisions are based. The right to information can only be restricted or postponed by legal restrictions.

Furthermore, data subjects who have disclosed personal data to Steinbild have the option of requesting such data - as long as it is processed automatically - in a commonly used electronic format.

Data subjects whose personal data we process can - if the General Data Protection Regulation (GDPR) applies - also request confirmation free of charge as to whether we process their personal data and, if so, request information about the processing of their personal data, have the processing of their personal data restricted, exercise their right to data portability and have their personal data corrected, deleted, blocked or completed. You can also withdraw your consent at any time with effect for the future and object to the processing of your personal data at any time.

Data subjects whose personal data we process have the right to lodge a complaint with a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC). According to the GDPR, each member state must establish an independent body as a supervisory authority in accordance with Art. 51 GDPR.

9. Data security

We take suitable technical and organizational measures to ensure data security appropriate to the respective risk. Unfortunately, however, we cannot guarantee absolute data security.

Our website is accessed using transport encryption (SSL / TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated to HTTPS).

Our digital communication is subject to mass surveillance without cause or suspicion and other surveillance by security authorities in Switzerland, the rest of Europe, the United States of America (USA) and other countries. We cannot directly influence the corresponding processing of personal data by secret services, police forces and other security authorities.

10. Notifications and messages

We send notifications and messages (e.g. newsletters) by e-mail and, if you provide us with other contact details, via other communication channels.

10.1 Success and reach measurement

Notifications and messages may contain web links or tracking pixels that record whether you have opened the message sent by us and whether you have clicked on web links in the message. Such web links and tracking pixels can also record the use of notifications and messages on a personalized basis. We require this statistical recording of usage for measuring success and reach in order to be able to send notifications and messages in an effective, userfriendly, permanent, secure and reliable manner based on the needs and reading habits of the recipients.

10.2 Consent and objection

We will only send you messages if you consent to us sending you messages via your e-mail address, for example, unless this use is permitted for other legal reasons. Wherever possible, we use the "double opt-in" procedure to obtain your consent, i.e. you will receive an e-mail with a web link that you must click on to confirm, so that no misuse by unauthorized third parties can occur. We may log such consents, including the Internet Protocol (IP) address and the date and time, for reasons of proof and security.

You can object to receiving notifications and communications such as newsletters at any time. With such an objection, you can also object to the statistical recording of usage for measuring success and reach. Necessary notifications and communications in connection with our activities and operations remain reserved.

11. References

Steinbild has no influence on external sites to which it refers, nor on external sites that refer to the website. Consequently, Steinbild cannot guarantee that the information contained on these websites is free of malware and correct. The information on such sites is entirely the responsibility of the respective third parties. Any responsibility for such websites or services is rejected.

12. Final provisions

We may amend and supplement this privacy policy at any time. We will provide information about such amendments and additions in an appropriate form, in particular by publishing the current privacy policy on our website.

This is the English Translation of the Data Privacy Policy. In case of a conflict the legally binding version is the German version.

STEINBILD Essential Line. Individual & discreet.

STEINBILD Masterpieces. That special something.

STEINBILD Blog. Exciting inspiration & background knowledge.

Natursteine. Eternal stories, timeless effects.