Privacy Policy

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is any data with which you can be personally identified.

1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Katharina Eberius, Kathienchen Yarns, Zur Schafstränke 15, 01705 Freital, Germany, E-Mail: kathi@kathienchen.de. The controller responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

2.1 When you use our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the page server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

Our visited website
Date and time at the moment of access
Amount of data sent in bytes
Source/referral from which you reached the page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser line.

3) Hosting & Content Delivery Network

3.1 For the hosting of our website and the display of page content, we use a provider who provides its services itself or through selected sub-contractors exclusively on servers within the European Union.

All data collected on our website is processed on these servers.

We have concluded a data processing agreement with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

3.2 Bunny

We use a Content Delivery Network from the following provider: BUNNYWAY d.o.o., Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia

This service enables us to deliver large media files such as graphics, page content, or scripts faster via a network of regionally distributed servers. The processing is carried out to protect our legitimate interest in improving the stability and functionality of our website pursuant to Art. 6 Para. 1 lit. f GDPR.

We have concluded a data processing agreement with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

4) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies, which are small text files that are stored on your end device. Some of these cookies are automatically deleted after closing the browser (so-called "session cookies"), while others remain on your end device for a longer period and enable the storage of page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the overview of your web browser's cookie settings.

If personal data is also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 Para. 1 lit. b GDPR either for the performance of the contract, in accordance with Art. 6 Para. 1 lit. a GDPR in the case of consent given, or in accordance with Art. 6 Para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

You can set your browser so that you are informed about the setting of cookies and can decide individually on their acceptance or exclude the acceptance of cookies for certain cases or generally.

Please note that if you do not accept cookies, the functionality of our website may be limited.

5) Contacting Us

When you contact us (e.g., via contact form or email), personal data is processed – exclusively for the purpose of processing and answering your request and only to the extent necessary for this purpose.

The legal basis for processing this data is our legitimate interest in answering your request in accordance with Art. 6 Para. 1 lit. f GDPR. If your contact aims at concluding a contract, then Art. 6 Para. 1 lit. b GDPR is an additional legal basis for the processing. Your data will be deleted when it can be inferred from the circumstances that the matter in question has been finally clarified and provided that there are no statutory retention obligations to the contrary.

6) Data Processing When Opening a Customer Account

In accordance with Art. 6 Para. 1 lit. b GDPR, personal data will continue to be collected and processed to the extent necessary if you provide it to us when opening a customer account. Which data is required for opening an account can be found in the input mask of the corresponding form on our website.

You can delete your customer account at any time by sending a message to the above-mentioned address of the controller. After deletion of your customer account, your data will be deleted, provided that all contracts concluded via it have been fully processed, there are no statutory retention periods to the contrary, and we have no legitimate interest in further storage.

7) Use of Customer Data for Direct Advertising

7.1 Subscribing to our Email Newsletter

If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. The provision of further data is voluntary and is used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you only receive newsletters after you have expressly confirmed your consent to receive the newsletter by clicking on a verification link sent to the specified email address.

By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Art. 6 Para. 1 lit. a GDPR. In doing so, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later date. The data collected by us when registering for the newsletter is used strictly for its intended purpose.

You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a corresponding message to the controller mentioned at the beginning. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

7.2 Brevo

Our email newsletters are sent via this provider: Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany

On the basis of our legitimate interest in effective and user-friendly newsletter marketing, we pass on the data you provided when registering for the newsletter to this provider in accordance with Art. 6 Para. 1 lit. f GDPR, so that they can handle the newsletter dispatch on our behalf.

Subject to your express consent pursuant to Art. 6 Para. 1 lit. a GDPR, the provider also carries out a statistical success evaluation of newsletter campaigns by means of web beacons or tracking pixels in the sent emails, which can measure opening rates and specific interactions with the content of the newsletter. Device information (e.g., time of access, IP address, browser type, and operating system) is also collected and evaluated, but not merged with other data sets.
You can revoke your consent to newsletter tracking at any time with effect for the future.

We have concluded a data processing agreement with the provider, which protects the data of our site visitors and prohibits disclosure to third parties.

8) Data Processing for Order Fulfillment

8.1 Insofar as necessary for contract processing for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 Para. 1 lit. b GDPR.

If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we process the contact data you provided during the order to inform you personally within the scope of our statutory information obligations pursuant to Art. 6 Para. 1 lit. c GDPR. Your contact data will be used strictly for the purpose of communications about updates owed by us and will only be processed by us for this purpose to the extent necessary for the respective information.

To process your order, we also work with the following service provider(s) who support us wholly or partly in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.

8.2 Disclosure of Personal Data to Shipping Providers

- DHL

We use the following provider as a transport service: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany

We will pass on your email address and/or telephone number to the provider in accordance with Art. 6 Para. 1 lit. a GDPR before the delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, provided you have given your express consent for this during the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6 Para. 1 lit. b GDPR, we will only pass on the recipient's name and delivery address to the provider. The disclosure only takes place to the extent necessary for the delivery of goods. In this case, prior coordination of the delivery date with the provider or delivery notification is not possible.

Consent can be revoked at any time with effect for the future towards the controller named above or towards the provider.

8.3 Use of Payment Service Providers

- Amazon Pay

One or more online payment methods from the following provider are available on this website: Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg

If you select a payment method from the provider where you make an advance payment (e.g., credit card payment), your payment data provided during the order process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be passed on to them in accordance with Art. 6 Para. 1 lit. b GDPR. In this case, your data will be passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this.

- Paypal

One or more online payment methods from the following provider are available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

If you select a payment method from the provider where you make an advance payment, your payment data provided during the order process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be passed on to them in accordance with Art. 6 Para. 1 lit. b GDPR. In this case, your data will be passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this.

If you select a payment method where we make an advance payment, you will also be asked during the order process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, if applicable, data for an alternative payment method).

In such cases, to protect our legitimate interest in determining your ability to pay, we will forward this data to the provider in accordance with Art. 6 Para. 1 lit. f GDPR for the purpose of a credit check. The provider checks on the basis of the personal data you have provided and other data (such as shopping cart, invoice amount, order history, payment experiences) whether the payment option you have selected can be granted with regard to payment and/or bad debt risks.

The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, among other things, but not exclusively, address data.

You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.

- Stripe

One or more online payment methods from the following provider are available on this website: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland

If you select a payment method where the provider makes an advance payment (e.g., purchase on account or installment purchase or direct debit), you will also be asked during the order process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, if applicable, data for an alternative payment method).

To protect our legitimate interest in determining the creditworthiness of our customers, we will forward this data to the provider in accordance with Art. 6 Para. 1 lit. f GDPR for the purpose of a credit check. The provider checks on the basis of the personal data you have provided and other data (such as shopping cart, invoice amount, order history, payment experiences) whether the payment option you have selected can be granted with regard to payment and/or bad debt risks.

9) Web Analytics Services

Matomo

This website uses a web analytics service from the following provider: InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, ("Matomo")

To protect site visitors, Matomo uses a so-called "config_id" to enable various analyses of site usage within a short time window of up to 24 hours. The "config_id" of the site is a randomly set, time-limited hash of a limited set of visitor settings and attributes. The config_id or config hash is a string calculated for a visitor based on their operating system, browser, browser plugins, IP address, and browser language. Matomo does not use device fingerprinting and uses an anonymized IP address of the site visitor to create the "config_id".

If the information processed in this way includes personal user data, the processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes. To object to the future processing of your visitor data, we provide you with a separate opt-out option on our website.

Data is only transferred to the provider if the service is not hosted on our servers itself. In the case of self-hosting, data collected via the service is not transmitted to the provider.

If the service is not hosted on our servers itself, we have concluded a data processing agreement with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

For data transfers to New Zealand, an adequacy decision by the EU Commission applies in this case, which attests to compliance with European data protection standards for international data transfers.

10) Site Functionalities

10.1 ShopVote Graphics

Graphic elements from the following provider are integrated on our website to display external customer reviews and/or an externally awarded quality seal: Blickreif GmbH, Schulstraße 46, 80634 Munich, Germany

When you call up a page of our website that contains such graphic elements, your browser establishes a direct connection to the provider's servers in order to load the elements properly. In doing so, certain browser information, including your IP address, is transmitted to the provider.

If personal data is also processed in this context, this is done in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in the optimal marketing of our offer and the attractive design of our website.

10.2 Cloudflare Turnstile

On this website, we use the CAPTCHA service from the following provider: Cloudflare, Inc., 101 Townsend St. San Francisco, CA 94107, USA

The service checks whether an entry is made by a natural person or abusively by machine and automated processing, and blocks spam, DDoS attacks, and similar automated malicious access. To ensure that an action is performed by a human and not by an automated bot, Cloudflare Turnstile collects the IP address of the end device used, recognition data of the browser and operating system type used, as well as the date and duration of the visit, and transmits this to the provider's servers for evaluation.

The described processing will only take place if you have given us your express consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.

We have concluded a data processing agreement with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, on the basis of an adequacy decision by the European Commission, ensures compliance with the European level of data protection.

11) Rights of the Data Subject

11.1 The applicable data protection law grants you the following rights of data subjects (rights of access and intervention) against the controller with regard to the processing of your personal data, whereby reference is made to the stated legal basis for the respective exercise requirements:

Right of access pursuant to Art. 15 GDPR;
Right to rectification pursuant to Art. 16 GDPR;
Right to erasure pursuant to Art. 17 GDPR;
Right to restriction of processing pursuant to Art. 18 GDPR;
Right to notification pursuant to Art. 19 GDPR;
Right to data portability pursuant to Art. 20 GDPR;
Right to withdraw consent given pursuant to Art. 7 Para. 3 GDPR;
Right to lodge a complaint pursuant to Art. 77 GDPR.

11.2 RIGHT TO OBJECT

IF, WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL TERMINATE THE PROCESSING OF THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL TERMINATE THE PROCESSING OF THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.

12) Duration of Storage of Personal Data

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and – if relevant – additionally by the respective statutory retention period (e.g., commercial and tax retention periods).

When processing personal data on the basis of express consent pursuant to Art. 6 Para. 1 lit. a GDPR, the affected data will be stored until you withdraw your consent.

If statutory retention periods exist for data that is processed within the scope of legal or quasi-legal obligations on the basis of Art. 6 Para. 1 lit. b GDPR, this data will be routinely deleted after expiry of the retention periods, provided that it is no longer required for contract fulfillment or contract initiation and/or we have no legitimate interest in further storage.

When processing personal data on the basis of Art. 6 Para. 1 lit. f GDPR, this data will be stored until you exercise your right to object pursuant to Art. 21 Para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.

When processing personal data for the purpose of direct advertising on the basis of Art. 6 Para. 1 lit. f GDPR, this data will be stored until you exercise your right to object pursuant to Art. 21 Para. 2 GDPR.

Unless otherwise stated in the other information in this declaration regarding specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

As of: 25.05.2025, 18:48:03

Privacy & Data Protection

Privacy Policy

1) Introduction and Contact Details of the Controller

2) Data Collection When Visiting Our Website

3) Hosting & Content Delivery Network

4) Cookies

5) Contacting Us

6) Data Processing When Opening a Customer Account

7) Use of Customer Data for Direct Advertising

8) Data Processing for Order Fulfillment

9) Web Analytics Services

10) Site Functionalities

11) Rights of the Data Subject

12) Duration of Storage of Personal Data

Information

Unternehmen