The following privacy information provides you with an overview of how we process your personal data when you visit our website.
1. Data controller contact details
The controller under data protection law is:
KOQOON GmbH & Co. KG
Dieselstraße 4
73278 Schlierbach
Email: privacy@koqoon.com
2. Collection and storage of personal data as well as type and purpose of processing when accessing our website
When accessing our website www.koqoon.com, information is automatically sent to our website server by the browser used on your device. This information is temporarily stored in a so-called log file. The following information is collected without your input and stored until automated deletion:
- IP address of the requesting computer in anonymised form
- Date and time of access
- Name and URL of the accessed website or file
- Website from which access is made (referrer URL)
- Browser used (type and version)
- Operating system of your computer
- Device type used
- Internet service provider
These data are processed for the following purposes:
- Ensuring a smooth connection setup of the website
- Ensuring comfortable use of our website
- Evaluation of system security and stability
- For further administrative purposes
The legal basis for data processing is Art. 6(1)(f) GDPR. Our legitimate interest follows from the purposes listed above. As a rule, we do not use the collected data to draw conclusions about your person. We reserve the right to do so only in exceptional cases, such as unlawful interference with our system.
All collected data is deleted 30 days after visiting the website.
For security reasons and to protect the transmission of confidential content, such as orders or enquiries sent to us as site operators, this site uses SSL/TLS encryption. You can recognise an encrypted connection by the fact that the browser address line changes from “http://” to “https://” and by the lock symbol in your browser. When SSL/TLS encryption is activated, the data you transmit cannot be read by third parties.
3. Collection and storage of personal data when using our online shop
a) Shop system and customer account
Our online shop is operated using the content management system Craft CMS and the e-commerce plugin Craft Commerce. The processing of your personal data takes place on servers of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.
Hetzner provides services in the areas of hosting, server operation and data storage. A data processing agreement pursuant to Art. 28 GDPR has been concluded with Hetzner. Data is stored exclusively in data centres in Germany.
When you place an order in our online shop, it is necessary for the conclusion of the contract that you provide the personal data required for processing your order. This includes in particular address and contact data, order data as well as technical data (e.g. IP address, browser information). Processing of this data takes place on our servers at Hetzner.
To prevent unauthorised access by third parties to your personal data, the ordering process is encrypted using SSL/TLS technology.
You may place orders as a guest or as a registered user. When opening a customer account, we collect personal data to the extent specified there. As a registered user, you can change or delete your data at any time. You can do this in your personal customer area or by contacting us. Data collected during registration is deleted if the registration is cancelled or modified by the user and no legal retention obligation exists.
Data collected in the course of a guest order is deleted after completion of the contract, unless storage is required by law or necessary to protect legitimate interests.
Processing of your customer and order data is carried out for the performance of the contract pursuant to Art. 6(1)(b) GDPR. If you register in the online shop and create a user account, processing of the data you provide is based on your consent given through the use of the customer account pursuant to Art. 6(1)(a) GDPR. This consent may be withdrawn at any time without affecting the legality of processing carried out before withdrawal.
b) Merchandise management and transport service providers
We use a merchandise management system for contract processing as part of data processing on behalf of others.
We pass on the name and address data you provide to our transport and payment service providers for processing your order. The legal basis for this is Art. 6(1)(b) GDPR.
If you have expressly consented during the ordering process, we also pass on your email address and/or telephone number to the transport company commissioned by us as part of contract processing. This is done for the purpose of informing you by email or telephone about the shipping status and for arranging delivery. The transfer is based on your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw this consent at any time by notifying us or the transport company, without affecting the lawfulness of processing carried out prior to withdrawal.
c) Payment service providers
Your payment data is transmitted, depending on the selected payment method, to the respective payment service provider pursuant to Art. 6(1)(b) GDPR for the purpose of processing the purchase contract. Responsibility for your payment data lies with the respective payment service provider.
(1) Credit card / PayPal via Stripe
We use the services of Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, for payment processing.
When using credit card or PayPal payment methods, personal data (e.g. name, address, billing information, payment information and possibly IP address) is transmitted to Stripe. The transfer is carried out exclusively for payment processing purposes. Stripe may transfer data to third countries (in particular the USA); this is done using the European Commission’s Standard Contractual Clauses.
Further information can be found in Stripe’s privacy policy: https://stripe.com/de/privacy
(2) PayPal
We also offer payment via the payment service provider PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22–24 Boulevard Royal, L-2449 Luxembourg; “PayPal”) in our online shop.
When selecting and using PayPal, the data required for payment processing is transmitted to PayPal in order to fulfil the contract with you using the selected payment method. This processing is based on Art. 6(1)(b) GDPR.
For the integration of this payment service, PayPal also collects, stores and analyses data (e.g. IP address, device type, operating system, browser type, location of your device). Cookies may also be used for this purpose. These cookies enable recognition of your browser.
Further information on data processing when using PayPal can be found in the relevant privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
d) Credit information
When paying by credit card, payment service providers reserve the right to obtain credit information based on mathematical-statistical methods using credit agencies.
Providing the data is necessary for concluding the contract with the selected payment method. Failure to provide the data will result in the contract not being concluded using the selected payment method.
For credit checks, your personal data required for such checks is transmitted to a credit agency and used to calculate the statistical probability of payment default.
The credit assessment may include score values calculated using scientifically recognised mathematical-statistical methods, in which address data may also be included. Your legitimate interests are taken into account in accordance with statutory provisions. The purpose of data processing is credit assessment for initiating a contract.
Processing is carried out on the basis of Art. 6(1)(f) GDPR due to our overriding legitimate interest in protecting against payment defaults when we provide advance performance. You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data based on Art. 6(1)(f) GDPR by notifying us.
4. Cookies
Our websites use so-called “cookies”. Cookies are small data packets and do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Persistent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser.
Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party providers within websites (e.g. cookies used to process payment services).
Cookies have different functions. Many cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies may be used to analyse user behaviour or for advertising purposes.
Cookies that are required for the execution of the electronic communication process, for the provision of certain functions requested by you, or for the optimisation of the website (e.g. cookies for measuring web traffic) (necessary cookies) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is specified. We have a legitimate interest in storing necessary cookies to ensure the technically error-free and optimised provision of our services. If consent for the storage of cookies and similar recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6(1)(a) GDPR and § 25(1) TTDSG); consent may be withdrawn at any time.
You can configure your browser to inform you about the setting of cookies and to allow cookies only in individual cases, to exclude acceptance of cookies for specific cases or in general, and to activate automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
Details of the cookies and services used on this website can be found in our consent tool: https://koqoon.com/gdpr-compliance
Our website uses consent technology to obtain your permission for the storage of certain cookies on your device or the use of certain technologies and to document this in compliance with data protection regulations. This is done in order to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6(1)(c) GDPR.
Further details and the privacy policy of Cookiebot can be found here: https://www.cookiebot.com/de/privacy-policy/
5. Analytics tools
To improve our website and advertising offer and to provide our visitors and customers with an improved experience, we use the following analytics tools to track the behaviour of users on our website.
The use of cookies or similar technologies is always based on your consent pursuant to § 25(1) sentence 1 TDDDG in conjunction with Art. 6(1)(a) GDPR. The processing of your personal data is also carried out on the basis of your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
a) Google Analytics
We use the analytics tool Google Analytics, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics collects statistics about the use of our website. We use this information to improve our services.
The following data may be collected in particular: browser information (browser type, referring and exit pages, files viewed on our website, operating system, time stamp), usage data (views, clicks), location data, interaction data and device operating system.
We have activated IP anonymisation, which shortens your IP address before transmission so that it generally cannot be linked to your person. Only the anonymised IP address is transmitted to Google.
It is possible that data may also be transferred to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google LLC is certified under the EU–US Data Privacy Framework.
Further details about Google Analytics and Google’s privacy policy can be found here:
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
https://policies.google.com/privacy
Google Analytics stores cookies in your web browser for a period of two years from your last visit. These cookies contain a randomly generated user ID that allows you to be recognised on future visits. The recorded data is stored together with the user ID, enabling the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data is stored indefinitely in aggregated form.
b) Hotjar
To statistically analyse visitor data on our website, we use the analytics tool Hotjar provided by Hotjar Limited, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville, St Julian’s STJ 3141, Malta.
Hotjar automatically collects data from your visit to our website (IP address, time of visit, device and browser information, and information about your use of our website), stores it and creates a pseudonymous usage profile from it. Cookies may be used for this purpose. The pseudonymised usage profiles are not merged with personal data relating to the holder of the pseudonym without separate explicit consent. Hotjar acts on our behalf.
Detailed information about the cookies used by Hotjar, their function and storage duration can be found here:
https://help.hotjar.com/hc/de/articles/115011789248-Cookies-auf-hotjar-com
Further information on data protection when using Hotjar can be found here:
https://www.hotjar.com/legal/policies/privacy/de/
c) Meta Pixel
This website uses the Meta Pixel for conversion tracking. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
This allows tracking of visitors’ behaviour after they have been redirected to our website by clicking on a Facebook or Instagram advertisement. This enables the effectiveness of advertisements to be evaluated for statistical and market research purposes and future advertising measures to be optimised.
The data collected is anonymous for us as the operator of this website; we cannot draw any conclusions about the identity of users. However, the data is stored and processed by Meta, which may link it to the respective user profile and use it for its own advertising purposes in accordance with its data usage policy (https://policies.google.com/privacy). This enables Meta to display advertisements on and off its platforms. We have no control over this use of data.
Where personal data is collected via this tool and transmitted to Meta, we and Meta Platforms Ireland Limited are jointly responsible for this processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of data and its transmission to Meta. The subsequent processing by Meta is not part of the joint responsibility. The obligations of joint responsibility are set out in a joint controller agreement, available at: https://www.facebook.com/legal/controller_addendum.
According to this agreement, we are responsible for providing privacy information regarding the use of the Meta tool and for the GDPR-compliant implementation of the tool on our website. Meta is responsible for the security of Meta products. Data subject rights (e.g. access requests) relating to data processed by Meta can be exercised directly with Meta. If you contact us regarding such rights, we are obliged to forward your request to Meta.
The use of the Meta Pixel may result in data transfers to the USA by companies within the Meta group based on the EU Commission’s adequacy decision under the EU–US Data Privacy Framework. Further information can be found in Meta’s privacy policy: https://de-de.facebook.com/about/privacy/.
If you are logged into Facebook or Instagram, you can deactivate the “Custom Audiences” remarketing function in the ad settings:
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
If you do not have a Meta account, you can opt out of interest-based advertising via the European Interactive Digital Advertising Alliance:
http://www.youronlinechoices.com/de/praferenzmanagement
6. Store locator (Mapbox)
For the function of our store locator, we use Mapbox, a service provided by Mapbox, Inc., 50 Beale Street, Suite 450, San Francisco, CA 94105, USA.
If you use the store locator by allowing geolocation rather than by entering a postal code, your IP address and location data in particular will be collected by us, transmitted to Mapbox and subsequently processed by Mapbox. We have no influence over this further data processing.
The privacy policy and terms of use of Mapbox can be found here:
https://www.mapbox.com/legal/privacy/
https://www.mapbox.com/legal/tos/
The legal basis for data processing for location purposes is your consent pursuant to Art. 6(1) sentence 1(a) GDPR.
7. Newsletter
If you subscribe to the newsletter offered by us, the data provided during newsletter registration (email address and any other voluntarily provided information) will be used exclusively for sending the newsletter, unless you consent to further use. You may cancel your subscription at any time via the unsubscribe link included in the newsletter, by email to info@koqoon.com, via our contact form or by sending a message to the contact details provided in the legal notice.
Our newsletter is sent via our data processor Klaviyo Inc., 125 Summer St Floor 7, Boston, MA 02111, USA (“Klaviyo”). Klaviyo is certified under the Trans-Atlantic Data Privacy Framework (TADPF). Klaviyo’s privacy policy can be found here: https://www.klaviyo.com/legal/privacy-notice
After registration, we will send you an email asking you to confirm your subscription (double opt-in procedure). In order to be able to legally document the registration process, your registration is logged. This includes the registration and confirmation timestamps as well as your IP address, which is stored on Klaviyo’s servers.
To evaluate which content in our newsletters is of most interest to our customers, we use individualised pixels (so-called web beacons) to measure opening and click rates.
The legal basis for processing personal data for sending the newsletter and for the use of measurement pixels is your consent pursuant to Art. 6(1)(a) GDPR. If you unsubscribe from the newsletter, this also constitutes a withdrawal of consent for the storage of personal data collected during the registration process. The data will then be blocked for newsletter receipt within an existing or former customer relationship and deleted in all other cases, unless statutory retention obligations apply.
8. Contact form
We provide you with a contact form. When using it, the required mandatory information, any voluntarily provided details, as well as the time of submission are stored.
The data is stored exclusively for the purpose of processing enquiries and responding to them. The mandatory information is used for assigning and handling your request, for which we have a legitimate interest pursuant to Art. 6(1)(f) GDPR. If you enquire about a product or service offered by us, processing is additionally carried out for the purpose of pre-contractual measures pursuant to Art. 6(1)(b) GDPR. Your data will be deleted once these purposes have been fulfilled, unless statutory retention obligations apply.
9. Data sharing
Wherever we disclose data to other individuals and companies (processors or third parties) in the course of our processing, transfer it to them, or otherwise grant them access to the data, this is done only on the basis of your prior consent, where required by law, or on the basis of our legitimate interests.
The following categories of recipients, who are generally processors, may have access to your personal data:
- Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g. data centre services, payment processing, IT security). The legal basis for such disclosure is Art. 6(1) sentence 1(b) or (f) GDPR, insofar as they are not processors
- Public authorities or government agencies, where this is necessary to comply with a legal obligation. The legal basis for such disclosure is Art. 6(1) sentence 1(c) GDPR
- Persons engaged in the operation of our business. The legal basis for such disclosure is Art. 6(1) sentence 1(b) or (f) GDPR
Subject to statutory or contractual permissions, we only process or allow data to be processed in a third country outside the EU if the special requirements of Art. 44 et seq. GDPR are met. This means that processing takes place, for example, on the basis of specific safeguards, such as an officially recognised adequacy decision confirming an adequate level of data protection in line with EU standards, or in compliance with contractual obligations (so-called “standard contractual clauses”).
10. Data deletion and rights
We generally delete personal data when there is no longer a need for further storage. Such a need may in particular exist if the data is still required to fulfil contractual services or to review and grant or defend against warranty and, where applicable, guarantee claims. In the case of statutory retention obligations imposed by European or national legislators in EU regulations, laws or other provisions to which the controller is subject, deletion will only take place after the expiry of the respective retention period.
You have the right to obtain information about the personal data we process about you. In addition, you have the right to rectification of inaccurate data and to erasure of your personal data (right to be forgotten). You may also withdraw any consent given at any time without providing reasons, with effect for the future. You also have the right to restriction of processing and the right to receive the data you have provided in a structured, commonly used and machine-readable format (data portability). With regard to automated individual decision-making in scoring processes, you also have the right under Art. 22(3) GDPR to obtain human intervention, to express your point of view and to contest the decision.
To enable us to process your request regarding the above rights, please send your enquiry directly to us, for example by post or simply by email to privacy@koqoon.com.
You have the right to lodge a complaint with the competent supervisory authority. As a rule, you may contact the supervisory authority of your habitual residence or of our company’s registered office.
11. Right to object
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data, provided there are grounds relating to your particular situation, or if the objection relates to direct marketing. In the latter case, you have a general right to object, which will be implemented by us without the need to state a particular situation.
If you wish to exercise your right to object, please contact us at the address provided above or simply by email at privacy@koqoon.com.
12. Changes to this policy
These privacy notices are current as of August 2025.
As part of the ongoing development of data protection law as well as technological or organisational changes, our privacy notices are regularly reviewed for any need for amendments or additions.