Privacy policy

1. General

1.1 What is personal data

Personal data is information that discloses or can disclose the user's identity. We adhere to the principle of data avoidance. Therefore, as far as possible, we refrain from collecting personal data.

1.2 Handling of personal data

Personal data is used exclusively to establish the contract, define its content, and implement or process the contractual relationship (Art. 6 (1 b) GDPR).

Beyond that, personal data will only be processed if we have received your consent to do so (Art. 6 (1 a) GDPR) or if it is data whose processing is necessary for our legitimate interests and insofar as the balancing process shows that no overriding interests, fundamental rights or freedoms on your part are opposed (Art. 6 (1 f) GDPR).

We may use order processors to process your personal data, but will not pass on the personal data to third parties beyond this as a matter of principle.

Only for the fulfillment of the contract the data will be passed on to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. The payment data required for the processing of payments

The processing of your personal data takes place exclusively within the E.U., unless otherwise stated below.

1.3 Usage data

When visiting the website and App, general technical information is collected. This is the I.P. address used, time, duration of the visit, browser or device type and, if applicable, the page of origin. This usage data is registered in a log file for technical reasons and can be used and stored for the purpose of statistical evaluation of this website or App. A linkage of this usage data with your other personal data does not take place.

1.4 Registration data

Registration is required for the extensive use of our website or App functions. The registration data is collected through your corresponding entries and used for the expressly stated purpose by your consent (Art. 6 (1 f) GDPR).

1.5 Data access

Through your consent after downloading the App, we gain access to the following types of data:

  • End device
  • Type of the end device
  • Time zone
  • Country of origin
  • Photos/media/data
  • Camera

This data is required for the user's assignment and our app's functions. In particular, however, it is also intended to prevent misuse by the user.

1.6 Push Services

Our App also uses push services of the operating system manufacturers. After downloading the App, the mobile device registers with the corresponding push service of the platform (iOS - Apple Push Notification Service; Android - Google Cloud Messaging). The service then sends the registration I.D. (Android) or token (iOS) to the registered device; the I.D. or receipt is sent by the App to the server and stored there in a database. If a push notification is to be sent, the server sends the desired message with registration I.D./token to the platform's push service, which forwards the push message to the respective devices.

We use push notifications to inform you about events within the App that may require your special attention or a response on your part.

Consent is requested during initial setup of the App and/or later on occasion.

You can suspend receiving push notifications when not using the App by explicitly logging out of the App. Through the operating system, you can revoke consent to receive push notifications as follows:

iOS/Settings/[Name of App]/Messages
Android/Settings/Applications/Application Manager/[Name of App]/Notifications

1.7 Duration of storage

We store your personal data after the termination of the purpose for which the data was collected only as long as required by law (especially tax law).

2. Your rights

2.1 Information

You can request information from us as to whether we are processing personal data about you and if so, you have a right to be informed about this personal data and to receive further information referred to in Art. 15 of the GDPR.

2.2 Right to rectification

You have the right to rectification of inaccurate personal data concerning you and may request the completion of incomplete personal data following Art. 16 GDPR.

2.3 Right to erasure

You have the right to demand that we delete the personal data concerning you without undue delay. We are obliged to delete them without delay, in particular if one of the following reasons applies:

  • Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
  • You revoke your consent on which the processing of your data was based and there is no other legal basis for the processing.
  • Your data has been processed unlawfully.

The right to erasure does not exist insofar as your personal data is required to assert, exercise or defend our legal claims.

2.4 Right to restriction of processing

You have the right to demand that we restrict the processing of your personal data if

  • you dispute the accuracy of the data and we, therefore, verify the accuracy,
  • the processing is unlawful and you refuse the deletion and demand the restriction of use instead
  • we no longer need the data, but you need it to assert, exercise or defend legal claims,
  • you have objected to processing your data and it has not yet been determined whether our legitimate reasons outweigh your reasons.

2.5 Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on consent or a contract. The processing is carried out by us with the help of automated processes.

2.6 Right of withdrawal

Insofar as the processing of your personal data is based on consent, you have the right to revoke this consent at any time.

2.7 General and right of appeal

The exercise of your above rights is generally free of charge for you. However, in the event of complaints, you have the right to directly contact the supervisory authority responsible for us, the State Data Protection Officer.

3. Data security

3.1 Data security

Technical and organizational measures secure all data on our website and in our App against loss, destruction, access, modification and distribution.

3.2 Sessions and cookies

To operate the website, we use cookies or server-side sessions in which data can be stored. We ensure that no personal data is taken from sessions or through cookies without your express consent and that cookies are only used if this is technically necessary for the website (e.g. spam protection for contact form, shopping cart function) and thus the weighing shows that there are no overriding interests on your part (Art. 6 (1 f) GDPR) or there is express consent on your part.

We use cookies after your explicit consent to personalize content and ads, offer social media features, and analyze access to our website. We may share information about your use of our website with our social media, advertising and analytics partners with your consent. Our partners may be able to merge this information with other data that the partners already have about you.

4. Newsletter

If you register for our newsletter, we will use the data required for this purpose or separately provided by you to regularly send you our e-mail newsletter based on your consent by Art. 6 (1 a) GDPR.

Unsubscribing from the newsletter is possible at any time and can be done either by sending us a message via the contact options provided in the imprint or via the link provided for this purpose in the newsletter. After unsubscribing, we will delete your e-mail address unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this statement.

5. Comments and ratings

Insofar as you use the comment or rating function on our website or in our App, in addition to these comments and ratings, the time of creation, your possibly chosen pseudonym and temporarily also your I.P. address will be stored. This is done to protect our rights in the event of illegal content.

6. Presence on social media platforms

We use the following social media platforms for company presentation and communication (explicit reference is made to the privacy statements and opt-out options linked below).

Instagram (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland).
Privacy policy and opt-out:

Facebook (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland).
Privacy policy:

These social media platforms may process personal data outside the E.U., we refer in this respect to the above privacy statements of the social media platforms. The respective social media platforms may create usage profiles from your usage behavior and the resulting interests and actions on your part and store cookies on your terminal device in which your usage behavior is stored. If you have an account on the respective social media platform and are logged in, your usage behavior may even be stored independently of the device. For example, your usage profile can be used to place advertisements that presumably correspond to your interests.

We process the personal data exclusively for communicating with you via the social media platform you have chosen and for optimizing our online presence and ensure that no interests of yours are affected here that outweigh this legitimate interest on our part (Art. 6 (1 f) GDPR). Insofar as you have already given the respective operator of the social media platform effective consent to the corresponding data processing, the processing of your personal data will also be based on this consent (Art. 6 (1 a) GRPD).

7. Third party services

7.1 Use of Matomo

This website uses Matomo (developed by InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand). This is a web analytics service. Matomo uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website (including your shortened I.P. address) is transmitted to our server and stored for usage analysis purposes, optimizing the website on our part. Your I.P. address is immediately anonymized during this process, so you remain anonymous to us as a user. Matomo is only used with your consent (Art. 6 (1 a) GDPR). The information generated by the cookie about your use of this website will not be disclosed to third parties. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. If you do not agree to the storage and evaluation of this data from your visit, then you can object to the storage and use at any time. In this case, a so-called opt-out cookie will be placed in your browser, meaning Matomo will not collect any session data. Attention: If you delete your cookies, this has the consequence that the opt-out cookie is also deleted and may have to be reactivated by you. Here you can find the link to deactivate Matomo:

You can view Matomo's privacy policy here:

7.2 Social media links and social sharing

We have our own social media pages with the third-party providers that can be reached via links from this website or App. By using the links, you can access the respective websites of the third-party providers (e.g. Facebook, Twitter, Instagram) and also share content. Here, no data transfer takes place by calling up our website or App. To avoid unnecessary data transfer, we recommend logging out of the respective third-party provider before using a corresponding link, so the third-party provider cannot create that usage profiles simply by using the link.

7.3 Affiliate links and advertising

We place affiliate and advertising links or banners to certain third-party providers on our website and in our App. These links/banners generate revenue (advertising reimbursements) when purchases are made from the respective third-party provider via this link/banner or when its page is accessed. The third-party provider may use cookies to identify the origin of the orders or the call. However, this does not affect our website or App use and does not create any obligation to purchase. Legal affiliate and advertising links or banners are only intended to facilitate your purchase. In addition, the respective data protection provisions of the third-party providers apply.

7.4 Use of Youtube

This website, our App and the integrated offers contain so-called embeddings of videos on YouTube. These enable the connection to YouTube and the videos stored there. YouTube is an offer of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The use of YouTube takes place only with your consent (Art. 6 (1 a) GDPR). For the purpose and scope of data collection and use by Google, as well as your rights and settings GDPR for protection as a customer of YouTube, please refer to the privacy policy of YouTube. These can be found at:

7.5 Use of Vimeo

This website, our App and the integrated offers also contain so-called embeddings of videos on Vimeo. These enable the connection to Vimeo and the videos stored there. Vimeo is operated by Vimeo, Inc. 555 West 18th Street, New York, New York 10011, USA. Vimeo is only used with your consent (Art. 6 (1 a) GDPR). For the purpose and scope of data collection and use by Vimeo, as well as your rights and settings options for protection as a customer of Vimeo, please refer to the privacy policy of Vimeo. These can be found at:

7.6 CCM19

We use the cookie banner tool from CCM19 (operated by Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn) to fulfill the legal obligation according to Art. 7 I GDPR. CCM19 collects, among other things, the consent data (e.g. consent yes/no, timestamp). The legal basis for processing the data is Art. 6 (1 c) GDPR. The aim is to know the preferences of the users and to implement them accordingly, as well as to document them in a legally secure manner. The data is deleted as soon as it is no longer required for logging and there are no legal retention obligations to the contrary.

Further information on data protection at CCM19 can be found at:

7.7 Google Translate

Suppose you use our translation tool on our platform. In that case, you also agree that we transmit the entries in the text field to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google Translate) to arrange for a translation of this text so that it can be displayed on our website. You then also agree according to Art. 49 (1 a) GDPR that Google will process your data in the USA.

Accordingly, the data processing and/or data transfer will take place outside the European Union, Andorra, Argentina, Canada (only for commercial organizations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, Japan and the United Kingdom. However, only for these countries, except for the countries of the European Union which are classified as safe anyway, there is an adequacy decision (Art. 45 GDPR) of the European Commission regarding the data transfer. Therefore, data transfer to other countries is at least not explicitly permitted. If a data transfer is to take place, the processor must ensure by other means that the personal data are adequately protected at the recipient. This can be done through the use of standard data protection clauses (Art. 46 GDPR), in the case of data transfers within a corporate group through so-called Binding Corporate Rules, through an obligation to comply with codes of conduct that have been declared generally applicable by the Commission, or through certification of the processing operation. The standard contractual clauses adopted by the European Commission can be found here:

The European Court of Justice assesses the United States as a country with insufficient data protection by E.U. standards. In particular, there is a risk that your data may be processed by U.S. authorities, for control and for monitoring purposes, possibly without redress. If you do not consent, the transfer described above will not occur, but you will also not be able to use the translation tool. Google Translate is only used with your consent (Art. 6 (1 a) GDPR).

Please note that Google grants itself a license to your texts and that you also agree to this when you use the translation tool.

You can find more information in Google's terms of use:

You can view Google's privacy policy here:

7.8 Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter referred to as "reCAPTCHA") on this website. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to determine whether data entered on this website (e.g., information entered into a contact form) is being provided by a human user or by an automated program. To determine this, reCAPTCHA analyzes the behavior of the website visitors based on a variety of parameters. This analysis is triggered automatically as soon as the website visitor enters the site. For this analysis, reCAPTCHA evaluates a variety of data (e.g., IP address, time the website visitor spent on the site or cursor movements initiated by the user). The data tracked during such analyses are forwarded to Google.

reCAPTCHA analyses run entirely in the background. Website visitors are not alerted that an analysis is underway.

Data are stored and analyzed on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the protection of the operator’s websites against abusive automated spying and against SPAM. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

For more information about Google reCAPTCHA please refer to the Google Data Privacy Declaration and Terms Of Use under the following links: and

8. Contacting us

To contact us regarding data protection, please feel free to contact us using the contact options below. Responsible party in the sense of the GDPR:

Glowbit Ltd.
Agiou Georgiou 18
Philippos Complex 1
8220 Paphos

Phone: +357 26 0208 50