Privacy Policy

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is any data with which you can be personally identified.

1.2 The controller for data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is Estershop, Milanstrasse 4, 13505 Berlin, Germany, Tel.: 030 / 40584506 E-Mail: support@estershop.de. The controller for the processing of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

2) Data Collection when Visiting Our Website

2.1 When using our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the page server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

  • Our visited website
  • Date and time of access
  • Amount of data sent in bytes
  • Source/reference from which you accessed the page
  • Browser used
  • Operating system used
  • IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. There will be no transfer or other use of the data. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.

3) Shopify as Platform Provider

Our website is operated on the e-commerce platform Shopify. The provider is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. As a processor in accordance with Art. 28 GDPR, Shopify processes personal data of our customers (in particular name, address, email, payment data, order data) for the provision of the shop infrastructure, payment processing, and hosting. The legal basis is Art. 6 para. 1 lit. b GDPR (contract execution). We have concluded a data processing agreement with Shopify. Further information on data protection at Shopify can be found at: https://www.shopify.com/legal/privacy

4) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies, which are small text files that are stored on your end device. Some of these cookies are automatically deleted after closing the browser (so-called "session cookies"), while others remain on your end device for a longer period and enable the storage of page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the overview of your web browser's cookie settings.

If individual cookies used by us also process personal data, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the performance of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of granted consent, or in accordance with Art. 6 para. 1 lit. f GDPR for the protection of our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.

You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general.

Please note that if cookies are not accepted, the functionality of our website may be limited.

5) Contacting Us

If you send contact inquiries via email through our website, these will be stored and organized to enable chronological processing and improve the service experience. The legal basis for the processing of this data is our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. If your contact aims at concluding a contract, an additional legal basis is Art. 6 para. 1 lit. b GDPR. Your data will be deleted when circumstances indicate that the matter in question has been definitively clarified and provided that no legal retention obligations prevent deletion.

6) Data Processing when Opening a Customer Account

In accordance with Art. 6 para. 1 lit. b GDPR, personal data will continue to be collected and processed to the extent necessary if you provide them to us when opening a customer account. You can delete your customer account at any time by sending a message to the above-mentioned address of the controller.

7) Use of Customer Data for Direct Marketing

Subscription to our email newsletter

If you subscribe to our email newsletter, we will regularly send you information about our offers. For newsletter dispatch, we use the so-called double opt-in procedure. By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR. You can unsubscribe from the newsletter at any time via the link provided in the newsletter.

8) Data Processing for Order Fulfillment

8.1 To the extent necessary for contract processing for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 para. 1 lit. b GDPR.

8.2 To fulfill our contractual obligations to our customers, we work with external shipping partners. We pass on your name, your delivery address, and, if necessary for delivery, your telephone number, exclusively for the purpose of goods delivery in accordance with Art. 6 para. 1 lit. b GDPR to a shipping partner selected by us.

8.3 Use of Payment Service Providers (Payment Services)

- Paypal

This website offers one or more online payment methods from the following provider: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. If a payment method from the provider is selected, your payment data will be transmitted in accordance with Art. 6 para. 1 lit. b GDPR. The transmission takes place exclusively for the purpose of payment processing.

9) Online Marketing

Google AdSense

This website uses Google AdSense, a web advertising service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). All processing is carried out only with your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time via the cookie consent tool. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework. Google's privacy policy: https://www.google.de/policies/privacy/

10) Web Analysis Services

10.1 Google Analytics 4

This website uses Google Analytics 4, a web analysis service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). All processing is carried out only with your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. Google Analytics 4 will not be used without your consent. You can revoke your consent at any time via the cookie consent tool. We have concluded a data processing agreement with Google. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework. Further information: https://policies.google.com/privacy?hl=de

10.2 Google Tag Manager

This website uses Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager itself does not store any information on user end devices. Processing is carried out only with your consent in accordance with Art. 6 para. 1 lit. a GDPR. We have concluded a data processing agreement with the provider. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework.

10.3 PayPal Marketing Solutions

This website uses the web analysis service of PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. All processing is carried out only with your consent in accordance with Art. 6 para. 1 lit. a GDPR. We have concluded a data processing agreement with the provider.

11) Retargeting / Remarketing and Conversion Tracking

11.1 Facebook Pixel (Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland) – only with your consent in accordance with Art. 6 para. 1 lit. a GDPR. Revocation via the cookie consent tool. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework.

11.2 Google Ads Remarketing (Google Ireland Limited) – only with your consent in accordance with Art. 6 para. 1 lit. a GDPR. Revocation via the cookie consent tool. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework.

11.3 Microsoft Advertising (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA) – only with your consent in accordance with Art. 6 para. 1 lit. a GDPR. Revocation via the cookie consent tool. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework.

11.4 Google Ads Conversion Tracking (Google Ireland Limited) – only with your consent in accordance with Art. 6 para. 1 lit. a GDPR. Revocation via the cookie consent tool. Further information: https://policies.google.com/technologies/partner-sites

11.5 Pinterest Tag Conversion Tracking (Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland) – only with your consent in accordance with Art. 6 para. 1 lit. a GDPR. Revocation via the cookie consent tool. We have concluded a data processing agreement with the provider.

12) Page Functionalities

Google reCAPTCHA (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) – Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in spam defense). We have concluded a data processing agreement with the provider. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework.

13) Tools and Other

Cookie Consent Tool: This website uses a cookie consent tool to obtain effective user consent. This is displayed to users when they access the page. Cookies requiring consent are only loaded after approval. The tool sets technically necessary cookies to store your preferences. Legal basis: Art. 6 para. 1 lit. f and lit. c GDPR.

14) Rights of the Data Subject

14.1 Applicable data protection law grants you, in relation to the controller, the following data subject rights regarding the processing of your personal data:

  • Right to information pursuant to Art. 15 GDPR
  • Right to rectification pursuant to Art. 16 GDPR
  • Right to erasure pursuant to Art. 17 GDPR
  • Right to restriction of processing pursuant to Art. 18 GDPR
  • Right to notification pursuant to Art. 19 GDPR
  • Right to data portability pursuant to Art. 20 GDPR
  • Right to revoke granted consents pursuant to Art. 7 para. 3 GDPR
  • Right to lodge a complaint pursuant to Art. 77 GDPR

14.2 RIGHT TO OBJECT: IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

15) Duration of Storage of Personal Data

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing, and – if applicable – additionally by the respective statutory retention period (e.g., commercial and tax law retention periods). Stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected.