Data protection
We take the protection of your personal data very seriously and treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
1. Information on the Collection of Personal Data
(1) In the following, we inform you about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, email addresses, user behaviour.
(2) The responsible party pursuant to Art. 4 para. 7 EU General Data Protection Regulation (GDPR) is:
DR. KURT WOLFF GMBH & CO. KG Johanneswerkstraße 34-36 33611 Bielefeld
You can reach our data protection officer at dpo@drwolffgroup.com or our postal address with the addition "the data protection officer".
(3) When you contact us by email or via a contact form, the data you provide (your email address, your name and telephone number if applicable, and any other personal data you provide in your message) will be stored by us in order to answer your questions. We delete the data arising in this context after storage is no longer necessary, or restrict processing if there are legal retention obligations. Data processing when using a contact form is based on your consent according to Art. 6 para. 1 sentence 1 lit. a GDPR and may be necessary according to Art. 6 para. 1 sentence 1 lit. b GDPR for processing your request or according to Art. 6 para. 1 sentence 1 lit. c GDPR to fulfil a legal obligation. If you send us an email, the data processing is necessary according to Art. 6 para. 1 sentence 1 lit. b GDPR for processing your request and/or according to Art. 6 para. 1 sentence 1 lit. c GDPR to fulfil a legal obligation.
(4) If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. We will also state the specified criteria for the storage period.
2. Your Rights
You have the following rights, provided the legal requirements are met. To assert them, you can use the contact addresses known to you. However, we would prefer you to use the following address:kw-verkauf@drwolffgroup.com .
- Art. 15 GDPR - Right to information of the data subject:
You have the right to obtain confirmation from us as to whether or not personal data concerning you is being processed, and, where that is the case, what personal data is being processed and the details of the data processing.
- Art. 16 GDPR - Right to rectification:
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Art. 17 GDPR - Right to erasure:
You have the right to demand that we delete personal data concerning you immediately.
- Art. 18 GDPR - Right to restriction of processing:
You have the right to demand that we restrict processing.
- Art. 20 GDPR - Right to data portability:
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, or to have the data transmitted directly to another controller, where technically feasible.
- Art. 21 GDPR - Right to object:
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is necessary for the purposes of the legitimate interests pursued by us, for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
If we process your personal data for direct marketing purposes, you have the right to object to this processing at any time. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
You can raise an objection at any time with effect for the future via one of the contact addresses known to you.
- Art. 77 GDPR in conjunction with Section 19 BDSG - Right to lodge a complaint with a supervisory authority:
You have the right to lodge a complaint at any time with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes applicable law.
- Withdrawal of consent:
You can revoke your consent at any time with effect for the future via one of the contact addresses known to you
3. Collection of Personal Data When Visiting Our Website
(1) If you use the website for informational purposes only, i.e., if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request comes
- Browser
- Operating system and its interface
- Language and version of the browser software.
(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information flows to the entity that sets the cookie (in this case, us). Cookies cannot run programs or transmit viruses to your computer. They serve to make the experience on our webiste as a whole more user-friendly and effective.
(3) Use of Cookies:
a) This website uses the following types of cookies, the scope and functionality of which are explained below:
- Transient cookies (see b)
- Persistent cookies (see c).
b) Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This allows your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.
c) Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
d) You can configure your browser setting according to your wishes and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that you may not be able to use all the functions of this website in this case.
e) We use cookies to be able to identify you for follow-up visits.
(4) Consent Management:
With the help of a data protection management software, we offer you the possibility to consent to the storage of cookies in a legally compliant manner and to ensure the effective revocation of the consent. The consent is documented to comply with our accountability obligation and the setting of cookies is technically controlled. For this purpose, cookies are used to store your cookie settings on our websites. Your cookie settings can be retained on a subsequent visit to our platforms as long as you do not delete the cookies beforehand. You can adjust your settings at any time. Mandatory legal retention periods remain unaffected.
Categories of data: Your IP address, the date of your consent, a pseudonymous ID and your chosen settings are stored for obtaining, managing and tracking your consent.
Recipient: OneTrust, 82 St John Street, Farringdon, London EC1M 4JN, United Kingdom (“OneTrust”). OneTrust is based in the United Kingdom. The European Commission has issued an adequacy decision for data transfers to the United Kingdom, confirming that an adequate level of protection exists for the processing of personal data.
Non-EU-country transfer: Data may be transferred by OneTrust to sub-processors in Non-EU-countries. OneTrust has entered into standard contractual clauses with the respective recipients for these purposes, unless an adequate level of protection exists due to a Commission decision. You can access the standard contractual clauses here, here and here.
Legal basis: The legitimate interest in pursuing the aforementioned purposes (Art. 6 para. 1 sentence 1 lit. f GDPR).
Storage period: The data is stored for 365 days and then deleted.
Privacy policy: https://www.onetrust.com/privacy-notice/
4. Additional Features and Offers of Our Website
(1) Besides just using our website for information, we offer various services that you can use if you're interested. For this, you'll usually need to provide additional personal data, which we use to provide the specific service, and the previously mentioned principles of data processing apply.
(2) We sometimes use external service providers to process your data. These providers have been carefully selected and commissioned by us, are bound by our instructions, and are regularly monitored.
(3) We may also share your personal data with third parties if participation in promotions, competitions, contract conclusions, or similar services are offered by us together with partners. You can get more detailed information on this when providing your personal data or below in the description of the offer (e.g., in the respective terms and conditions).
(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this situation in the description of the offer.
5. Use of the Official Alpecin Shop
(1) If you wish to place an order in our webshop available at www.alpecin.com, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your order. Mandatory information required for processing the contracts is marked separately, other information is voluntary. We process the data you provide to process your order.
(2) Use of Service Providers for Order Processing
Purposes: To process your order, we use the service provider Plentymarkets. Your data will only be passed on for the purpose of order processing and only to the extent necessary for this purpose. Only the information provided during the ordering process will be passed on. The service provider collects and stores the data and only passes it on to the companies involved in order processing, particularly logistics.
Categories of data: First name, last name, address and email address are processed.
Recipient: plentysystems AG, Johanna-Waescher-Straße 7, 34131 Kassel, Germany, (Plentymarkets)
Non-EU-country transfer: Data may be transferred by Plentymarkets to sub-processors in Non-EU-countries. Plentymarkets has entered into standard contractual clauses with the respective recipients for these purposes, unless an adequate level of protection exists due to a Commission decision. You can access the standard contractual clauses here, here and here.
Legal basis: Art. 6 para. 1 b GDPR, as the processing of the data is necessary for processing the order and thus for the performance of the contract.
Storage period: The data is generally processed until the respective order process is completed and automatically deleted three months after the order process is completed.
Privacy policy: https://www.plentyone.com/privacy-policy
(3) Use of Payment Service Providers
Purposes: Payment processing is carried out via payment service providers. Your data will only be passed on for the purpose of payment processing and only to the extent necessary for this purpose. Only the information provided during the ordering process will be passed on. The payment service provider collects and stores the data and only passes it on to the companies involved in the payment process.
We only collect or store payment data in the case of a refund by bank transfer.
Categories of data: First name, last name, invoice amount and payment method are processed.
Recipient:
- PayPal (Europe) S.à r.l. et Cie, S.C.A.22-24 Boulevard RoyalL-2449 Luxembourg
Non-EU-country transfer: Data may be transferred by PayPal to sub-processors in Non-EU-countries. PayPal has entered into standard contractual clauses with the respective recipients for these purposes, unless an adequate level of protection exists due to a Commission decision. You can access the standard contractual clauses here, here and here.
Legal basis: Art. 6 para. 1 b GDPR, as the processing of the data is necessary for processing the order and thus for the performance of the contract.
Storage period: The data is generally processed until the respective order process is completed.
Privacy policy: https://www.paypal.com/uk/legalhub/privacy-full#6
- Shopify Payments, Shopify International Limited, established under Irish law, with offices at 2nd Floor Victoria Buildings 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland
Non-EU-country transfer: Shopify Payments is based in Canada. The European Commission has issued an adequacy decision for data transfers to Canada, confirming that an adequate level of protection exists for the processing of personal data. Data may be transferred by Shopify Payments to sub-processors in third countries (outside Canada, the EU and the EEA). Shopify Payments has entered into contractual arrangements with the respective recipients for these purposes, which are comparable to the European standard contractual clauses. You can access the standard contractual clauses here, here and here.
Legal basis: Art. 6 para. 1 b GDPR, as the processing of the data is necessary for processing the order and thus for the performance of the contract.
Storage period: The data is generally processed until the respective order process is completed.
Privacy policy: https://www.shopify.com/uk/legal/privacy
- Klarna Bank AB (publ.), a public limited company under Swedish law, Sveavagen 46, 111 34 Stockholm, Sweden (Klarna)
Non-EU-country transfer: Data may be transferred by Klarna to sub-processors in Non-EU-countries. Klarna has entered into standard contractual clauses with the respective recipients for these purposes, unless an adequate level of protection exists due to a Commission decision. You can access the standard contractual clauses here, here and here.
Legal basis: Art. 6 para. 1 b GDPR, as the processing of the data is necessary for processing the order and thus for the performance of the contract.
Storage period: The data is generally processed until the respective order process is completed.
Privacy policy: https://cdn.klarna.com/1.0/shared/content/legal/terms/en-UK/privacy
(2) We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years.
(3) To prevent unauthorised access by third parties to your personal data, particularly financial data, the ordering process is encrypted using TLS/SSL technology.
6. Advertising and Newsletter
(1) You can voluntarily subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.
(2) For the registration to our end-customer newsletter, we use the so-called double opt-in procedure. This means that we will send you an email to the specified email address after your registration, in which we ask you to confirm that you wish to receive the newsletter. In addition, we store your IP addresses and the times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
(3) The only mandatory information for sending the newsletter is your email address. The provision of further, separately marked data is voluntary and is used to address you personally. After your confirmation, we store your email address for the purpose of sending the newsletter. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.
(4) You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in every newsletter email or by sending a message to the contact details provided in the imprint.
(5) We would like to point out that we evaluate your user behaviour when sending the newsletter. For this evaluation, the emails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. For the evaluations, we link the data mentioned in § 3 and the web beacons with your email address and an individual ID. Links received in the newsletter also contain this ID. Such tracking is not possible if you have deactivated the display of images by default in your email program. In this case, the newsletter will not be displayed in full, and you may not be able to use all the functions. If you manually display the images, the above-mentioned tracking will take place.
Categories of data:
- Consent data (name, date of birth, email address, time, IP address)
- Usage data (opened email, clicked links)
- Personalisation data (…)
Recipient: Mailchimp, Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. We have entered into standard contractual clauses with Rocket Science for these purposes, unless an adequate level of protection exists due to a Commission decision. You can access the standard contractual clauses here, here and here. More information can also be found at:
https://mailchimp.com/legal/data-processing-addendum/
Legal basis: Art. 6 para. 1 b GDPR, as the processing of the data is necessary for processing the order and thus for the performance of the contract.
Privacy policy: https://www.intuit.com/privacy/statement/
(6) Even if you have not subscribed to our newsletter, we may send you advertising for our own similar goods or services using electronic mail (email) after you have purchased one or more products from us, provided you have not objected to this use of your data.
You will be clearly and explicitly informed at the time of collection of your contact details and each time they are used that you may object to this use at any time without incurring any costs other than the transmission costs according to the basic rates.
You can object to this advertising at any time by
- Clicking the unsubscribe link in the email; or
- Sending a message to kw-verkauf@drwolffgroup.com
with effect for the future.
7. Web Analysis, Monitoring, and Optimization
We use other services on this website in the area of web analysis, monitoring and optimization.
Purposes: Web analysis is used to evaluate visitors to our online offering and may include behavior, interests or demographic information about visitors, such as gender, in pseudonymous form. This allows us to recognize, for example, at what time our online offer or its functions or content are most frequently used. It also allows us to understand which areas require optimization. In addition to web analysis, we can also use test procedures, e.g. to test and optimize different versions of our online offering or its components.
Categories of data
- Interests
- Pseudonymised Usage Data (e.g., visited websites and elements used on them), usage interactions (e.g., recordings of your mouse movements, clicks, scrolling behaviour and depth, and interactions with website elements).
- Technical Data (e.g., device information, operating system, browser type and version, screen resolution, and language settings).
- Meta/Communication Data (e.g., IP address, referrer URL (the previously visited page), as well as the date and time of access).
Wherever possible, we use an IP masking procedure (i.e., pseudonymisation by shortening the IP address). - Demographic & Geographic Data (e.g., geographic location derived from the IP address).
If users have consented to the collection of their location data, this may also be processed depending on the provider.
Service providers used
(1) Google Services
We use the following services of the provider Google in the area of web analysis, monitoring and optimization:
- Google Analytics
- Google Adwords
- DoubleClick
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Transfers to Non-EU countries: Data may be transferred by Google to recipients in Non-EU countries. Google has concluded standard contractual clauses with the respective recipients for these purposes, unless an adequate level of protection exists on the basis of a Commission decision. You can access the standard contractual clauses here, here and here.
Privacy policy: https://policies.google.com/privacy?hl=de
(2) Sentry
Provider: Functional Software Inc, 132 Hawthorne Street, San Francisco, CA 94107, USA
Transfers to Non-EU countries: Data may be transferred from Sentry to recipients in Non-EU countries. Sentry or Functional Software is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. Sentry has also concluded standard contractual clauses with the respective recipients, unless an adequate level of protection exists on the basis of a Commission decision. You can access the standard contractual clauses here, here and here
Privacy policy: https://sentry.io/privacy/
(3) Microsoft Clarity
Purposes: Microsoft Clarity is an analytics tool that provides insights into user behaviour by creating so-called "heatmaps" and recording individual user sessions (session replays). These analyses help us identify usage patterns, detect technical errors, and optimise the design and content of our website.
- Heatmaps visually show us which areas of our website are clicked on or viewed most frequently.
- Session replays allow us to view anonymised recordings of individual visits to understand how visitors interact with our site (e.g., through mouse movements, clicks, and scrolling behaviour).
Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
Transfers to Non-EU countries: Data may be transferred to recipients in in Non-EU countries. Microsoft Clarity states that sensitive data is masked before being forwarded to Microsoft.
Microsoft is an active participant in the EU-US Data Privacy Framework, which regulates the proper and secure transfer of personal data of EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en. Additionally, Microsoft has entered into standard contractual clauses with the respective recipients unless an adequate level of protection is ensured by a Commission decision. You can access the standard contractual clauses here, here, and here.
Legal Basis: Legitimate interest in pursuing the aforementioned purposes (Article 6(1)(1)(a) GDPR).
Retention Period: Data is stored for a maximum of 13 months and then automatically deleted.
Privacy Policy: https://www.microsoft.com/en-gb/privacy/privacystatement
8. Remarketing and Conversion Tracking
We use additional services in the areas of remarketing and conversion tracking on this website.
Purposes: We use various remarketing and conversion tracking technologies on our website. This allows us to present our users with interest-based advertisements. We analyze user interactions on our website and can display targeted advertisements to users on other websites or platforms after their visit to our website. We also receive information from the respective platforms about the success of our advertising campaigns, which we use to optimize our advertising measures.
Categories of Data:
- Pseudonymous usage data (e.g., visited websites and used elements and technical information, access times), meta/communication data (e.g., device information).
- Interests
- Demographic information
- If users have consented to the collection of their location data, these may also be processed depending on the provider.
Service Providers Used:
(1) Google Services
We use the following services from the provider Google in the areas of web analysis, monitoring, and optimization:
- Google Analytics
- Google Adwords
- Google Remarketing
- DoubleClick
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Non-EU Country Transfers: Data may be transferred by Google to recipients in Non-EU-countries. Google has concluded standard contractual clauses with the respective recipients for these purposes, unless an adequate level of protection exists based on a Commission decision. You can access the standard contractual clauses here, here and here.
Privacy Policy: https://policies.google.com/privacy?hl=en
Google’s Privacy & Terms site: https://business.safety.google/privacy/
(2) TikTok Analytics
Provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.
Non-EU Country Transfers: Data may be transferred by TikTok to recipients in Non-EU-countries. TikTok has concluded standard contractual clauses with the respective recipients for these purposes, unless an adequate level of protection exists based on a Commission decision. You can access the standard contractual clauses here, here and here.
Privacy Policy: https://www.tiktok.com/legal/page/eea/privacy-policy/en
(3) Adform
Provider: Adform A S, Silkegade 3 B, 1113, København K.
Non-EU Country Transfers: Data may be transferred by Adform to recipients in Non-EU-countries. Adform has concluded standard contractual clauses with the respective recipients for these purposes, unless an adequate level of protection exists based on a Commission decision. You can access the standard contractual clauses here, here and here.
Privacy Policy: https://site.adform.com/privacy-center/platform-privacy/
(4) Outbrain Amplify
Provider: Outbrain UK Limited, First Floor Craven House, 121 Kingsway LONDON, WC2B 6PA United Kingdom
Non-EU Country Transfers: Data may be transferred by Outbrain to recipients in Non-EU-countries. Outbrain has concluded standard contractual clauses with the respective recipients for these purposes, unless an adequate level of protection exists based on a Commission decision. You can access the standard contractual clauses here, here and here.
Privacy Policy: https://www.outbrain.com/privacy/
(5) Taboola
Provider: Taboola Germany GmbH, Alt-Moabit 2, 10557 Berlin.
Non-EU Country Transfers: Data may be transferred by Taboola to recipients in Non-EU-countries. Taboola has concluded standard contractual clauses with the respective recipients for these purposes, unless an adequate level of protection exists based on a Commission decision. You can access the standard contractual clauses here, here and here.
Privacy Policy: https://www.taboola.com/policies/privacy-policy
(6) Facebook Custom Audiences
Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Non-EU Country Transfers: Data may be transferred by Facebook to recipients in Non-EU-countries. Meta Platforms, Inc. has certified its participation in the EU-US Data Privacy Framework. Meta Ireland relies on the EU-US Data Privacy Framework and the adequacy decision of the European Commission for transfers of European data to Meta Platforms, Inc. in the USA, as outlined in Meta's Data Privacy Agreement disclosure. Meta Ireland may also use alternative transfer mechanisms, as recognized by the GDPR and other applicable data protection laws in the EEA and Switzerland.
Privacy Policy: https://www.facebook.com/about/privacy
Opt-Out: For logged-in users, available at https://www.facebook.com/settings/?tab=ads#.
(7) Pinterest Conversion Insights
Provider: Pinterest Europe Ltd., 2nd Floor, Palmerston House, Fenian Street, Dublin 2.
Non-EU Country Transfers: Data may be transferred by Pinterest to recipients in Non-EU-countries. Pinterest has concluded standard contractual clauses with the respective recipients for these purposes, unless an adequate level of protection exists based on a Commission decision. You can access the standard contractual clauses here, here and here.
Privacy Policy: https://policy.pinterest.com/en/privacy-policy
9. Other Services
(1) Playing Videos via Bunny.net
Provider: BunnyWay d.o.o., Dunajska c. 165, 1000 Ljubljana, Slovenia
Purposes: We use the provider bunny.net to embed videos on our website.
Videos are embedded on our website via iframe using the "bunny.net" service. If you visit a website containing such a video, your browser establishes a connection to the provider's servers, and the content is delivered directly to your browser by bunny.net.
Bunny.net thus receives the information that the corresponding website was accessed by your browser. As a result, personal data may be stored and evaluated in server log files, particularly:
- Your activity (visited pages)
- Device and browser information (especially IP address, operating system).
- Information about interactions with the embedded video
Beyond that, Bunny.net generally does not process any personal visitor data from visitors to our website. Exceptions are based on Art. 6(1)(f) GDPR (legitimate interest in the secure and efficient provision and improvement of the stability and functionality of our website).
Privacy Policy: https://bunny.net/privacy/
(2) Embedding Reviews via Judge.me
Purposes: We use the provider judge.me to allow our users to write and publish customer reviews on the product detail page.
Provider: http://Judge.me Ltd, c/o Buckworths, 1-3 Worship Street, London EC2A 2AB
Non-EU Country Transfers: Data may be transferred by http://judge.me reviews to recipients in Non-EU-countries. http://judge.me reviews has concluded standard contractual clauses with the respective recipients for these purposes, unless an adequate level of protection exists based on a Commission decision. You can access the standard contractual clauses here, here and here.
Privacy Policy: https://judge.me/privacy
Last updated: 27.01.2025