PRIVACY POLICY
Thank you for your interest in our online shop. The protection of your
personal data is important to us. Below, we provide detailed information
on how we process your data pursuant to Articles 13 and 14 GDPR.
You can change your cookie settings at any time: Change cookie settings.
§ 1 Controller and Contact Information
The controller within the meaning of Article 4(7) GDPR is:
Alukraft GmbH
Kronberger Straße 8, 63110 Rodgau, Germany
Represented by its Managing Directors Albert Gierth and Adam Rybicki
Phone: +49 69 34877946
Email: info@alukraft.store
For questions concerning data protection or the exercise of
your rights, please contact us using the contact details above.
Competent supervisory authority: The Hessian Commissioner
for Data Protection and Freedom of Information, P.O.
Box 3163, 65021 Wiesbaden, Phone: +49 611 1408-0.
§ 2 Your Rights as a Data Subject
You have the following rights with
regard to personal data concerning you:
- Right of access (Article 15 GDPR);
- Right to rectification (Article 16 GDPR);
- Right to erasure (Article 17 GDPR);
- Right to restriction of processing (Article 18 GDPR);
- Right to data portability (Article 20 GDPR);
- Right to object to processing (Article 21 GDPR);
- Right to withdraw any consent you have given at any
time with effect for the future (Article 7(3) GDPR);
- Right to lodge a complaint with a supervisory authority (Article 77 GDPR).
Right to object (Article 21 GDPR): Where we process your data on
the basis of legitimate interests (Article 6(1)(f) GDPR), you have
the right to object to such processing on grounds relating to your
particular situation. Where processing is carried out for direct
marketing purposes, you may object at any time without stating reasons.
§ 3 Data Collection When Visiting the Website (Server Log Files)
When the Website is used for informational purposes only, we collect only the
data that your browser transmits to our server and that are technically necessary
to display the Website to you and ensure its stability and security: IP address,
date and time of request, time zone difference to GMT, content of the request,
access status/HTTP status code, data volume transferred, referrer website,
browser type, operating system and language and version of browser software.
The legal basis is our legitimate interest in the secure and stable
operation of the Website (Article 6(1)(f) GDPR). The server is located
in Germany. Server log files are deleted or anonymised after seven days.
§ 4 Hosting
Our Website is hosted by an external service provider which processes
data generated in the course of operating the Website on our behalf:
OVH GmbH, St. Johanner Straße 41-43, 66111 Saarbrücken, Germany.
The server is located in Germany. The legal basis is our legitimate interest
in the secure and efficient operation of the Website (Article 6(1)(f) GDPR)
and, in the context of contract performance, Article 6(1)(b) GDPR. A data
processing agreement pursuant to Article 28 GDPR has been concluded with OVH.
§ 5 Cookies and Consent Management (Consent Banner)
(1) Our Website uses cookies and comparable technologies (e.g. HTML5
storage and tracking pixels). We use technically necessary cookies
(e.g. session and shopping basket cookies, storage of your cookie
preferences, login) on the basis of Section 25(2) TDDDG and Article
6(1)(f) or (b) GDPR; they are necessary for the operation of the shop.
(2) We use all cookies and technologies that are not strictly necessary
(particularly those for statistics and marketing; see § 13) solely with your
prior consent, pursuant to Section 25(1) TDDDG and Article 6(1)(a) GDPR.
(3) To obtain and manage your consent, we use the consent management
tool “Cookiebot” by Usercentrics A/S, Havnegade 39, 1058 Copenhagen,
Denmark. Cookiebot stores information relating to your consent for
this purpose (including a consent key, date/time, and an anonymised IP
address) as evidence of consent. The legal basis is Article 6(1)(c) GDPR
(compliance with the documentation obligation), as well as our legitimate
interest in legally compliant consent management (Article 6(1)(f) GDPR).
(4) You can access your cookie settings at any time and amend or
withdraw your consent with future effect: [insert “Cookie Settings”
link]. You may also delete or block cookies in your browser settings;
however, not all functions of the Website may then be available.
§ 6 Contacting Us
When you contact us by email, telephone, contact form or through our
enquiry form (including any attachments submitted), we process the data
you provide (e.g. name, email address, telephone number, content of your
enquiry) in order to handle your enquiry. The legal basis is Article
6(1)(b) GDPR where the enquiry relates to the conclusion or performance
of a contract, and otherwise our legitimate interest in responding to
enquiries (Article 6(1)(f) GDPR). We delete the data as soon as it is
no longer required; statutory retention obligations remain unaffected.
§ 7 Customer Account / Registration
You may create a customer account with us. For this purpose, we process
the data provided at registration. The customer account facilitates future
orders and enables you to manage your data and orders. The legal basis is
Article 6(1)(b) GDPR. You may have your customer account deleted at any
time; statutory retention obligations for order data remain unaffected.
§ 8 Order Processing
We process the data required to process your order (in particular, your name,
address, contact details and order data). The legal basis is Article 6(1)(b)
GDPR. For delivery and manufacture, we pass the required data on to the
shipping service providers involved in each case (freight forwarders/parcel
services) and, in the case of custom-made products, to the manufacturers
involved, where this is necessary for the performance of the contract.
Once the contract has been fully performed, the data will be blocked from
further use and deleted after expiry of the retention periods under tax and
commercial law (usually 6 or 10 years under Sections 257 HGB and 147 AO).
§ 9 Payment Methods
Depending on the payment method selected, we pass the necessary payment
and order data to the relevant payment service provider. The legal
basis in each case is Article 6(1)(b) GDPR (contract performance)
and, in the case of credit checks, additionally Article 6(1)(f) GDPR.
(1) Credit card and wallet payments (Apple Pay, Google Pay): Processing is
carried out via Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower,
Grand Canal Dock, Dublin, Ireland. The data required for payment processing
are transmitted to Stripe. Further information: https://stripe.com/de/privacy
(2) PayPal: When paying via PayPal, we transmit your payment data to
PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449
Luxembourg. PayPal reserves the right to conduct a credit check and,
where appropriate, to transmit your data to credit reference agencies
on the basis of its legitimate interest (Article 6(1)(f) GDPR). Further
information: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
(3) Purchase on account: If you select payment by invoice, we will carry out a credit check
before concluding the contract. For this purpose, we transmit your data (name, address
and, where applicable, date of birth) to the following credit reference agencies and
receive creditworthiness information and, where applicable, scoring information from them:
- Creditreform Boniversum GmbH, Hammfelddamm 13, 41460 Neuss;
- SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden.
The credit report may contain probability values (score values) based
on a scientifically recognised mathematical-statistical process, which
also includes, among other things, address data. The legal basis is our
legitimate interest in avoiding payment defaults (Article 6(1)(f) GDPR) and
Article 6(1)(b) GDPR. Information provided by the credit reference agencies:
https://www.boniversum.de/datenschutz/ and https://www.schufa.de/datenschutz/
(4) Bank transfer: In the event of payment in advance/by bank transfer, we
process the order data to allocate the incoming payment (Article 6(1)(b) GDPR).
§ 10 Product Reviews
When you use our review function, we store your IP address for 30 days
in order to protect against misuse. Providing your name is voluntary;
you may use a pseudonym. Following review, the review is published on
the product page. The legal basis is Article 6(1)(f) GDPR. We will delete
your review on request; an email to info@alukraft.store is sufficient.
§ 11 Email Marketing to Existing Customers
We reserve the right to use the email address provided in connection with
a purchase to send you offers for our own similar goods or services. The
legal basis is Article 6(1)(f) GDPR in conjunction with Section 7(3) of the
German Act Against Unfair Competition (UWG). You may object to this use at
any time, for example by email to info@alukraft.store, without incurring any
costs other than the transmission costs at the basic rates. We inform you of
your right to object when your data is collected and every time it is used.
§ 12 Newsletter
If you subscribe to our newsletter, we process your email address and any
further data you provide in order to send the newsletter. Subscription
is carried out using the double opt-in procedure: after you subscribe,
you will receive a confirmation email in which you confirm your
subscription. The legal basis is your consent (Article 6(1)(a) GDPR).
For distribution, we use the service “KlickTipp” provided by Klick-Tipp
Limited, 15 Cambridge Court, 210 Shepherd’s Bush Road, London W6 7NJ,
United Kingdom. Newsletter data are processed on servers in Germany. As
Klick-Tipp Limited is located in the United Kingdom (a third country), any
transfer is based on the European Commission’s adequacy decision for the
United Kingdom (Implementing Decision (EU) 2021/1772, as extended by the
Commission Decision of 19 December 2025 and valid until 27 December 2031);
an adequate level of data protection is thereby ensured. A data processing
agreement pursuant to Article 28 GDPR has been concluded with Klick-Tipp.
You may unsubscribe from the newsletter at any time and withdraw your consent,
e.g. by using the unsubscribe link in every newsletter email. Following
your unsubscribe request, your email address may be stored in a blocklist
to prevent future mailings; the legal basis is our legitimate interest in
ensuring compliance with your unsubscribe request (Article 6(1)(f) GDPR).
§ 13 Web Analytics and Marketing (only with your consent)
We use the following services only where you have previously given
your consent via our consent banner (Cookiebot). The legal basis
is Article 6(1)(a) GDPR and Section 25(1) TDDDG. You may withdraw
your consent at any time with future effect via the cookie settings.
(1) Google Tag Manager: We use Google Tag Manager from Google Ireland
Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, to manage the
integrated tags. Tag Manager itself does not create user profiles; however,
it triggers the services listed below in accordance with your consent.
(2) Google Analytics 4: for analysing user behaviour; provider: Google Ireland Ltd. This
entails processing, among other things, shortened IP addresses, device data and usage data.
(3) Google Ads (conversion tracking and remarketing): for measuring advertising
success and delivering interest-based advertising; provider: Google Ireland Ltd.
(4) Meta Pixel (Facebook/Instagram): for measuring reach and advertising success
and for interest-based advertising; provider: Meta Platforms Ireland Ltd., 4
Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We and Meta are joint
controllers (Article 26 GDPR) for the collection of data by means of the pixel
and its transmission to Meta; Meta alone is responsible for further processing.
(5) Visable: For analytics and marketing purposes, we use tracking-pixel
technology from Visable GmbH, Am Sandtorkai 50, 20457 Hamburg, to create
pseudonymised user profiles. No personal identification takes place.
Third-country transfers: When using Google and Meta services, personal data
may be transferred to the parent companies Google LLC and Meta Platforms,
Inc. in the United States. These companies are certified under the EU-US
Data Privacy Framework; the transfer is based on the European Commission’s
adequacy decision of 10 July 2023 (Implementing Decision (EU) 2023/1795), and
is additionally safeguarded by standard contractual clauses. A residual risk of
access by US authorities remains. Transfers take place only with your consent.
§ 14 Data Security
We take appropriate technical and organisational measures
to protect your data against loss and unauthorised access.
In particular, data transmission on our Website is secured
by SSL/TLS encryption. Please note that data transmission
over the Internet (e.g. by email) may have security gaps;
complete protection against third-party access is not possible.
§ 15 Current Version and Amendments to this Privacy Policy
This Privacy Policy is currently valid. It may become necessary to
amend this Privacy Policy as a result of the continued development
of our Website or changes in statutory or regulatory requirements.
Last updated: 29 June 2026