Privacy

This privacy information applies to data processing by:
Controller: Feuerbad GmbH
Dürener Str. 10
52349 Langerwehe
Germany
Email: info@feuerbad.de
Telephone: +49 01516 1488390
Commercial Register: 9849
VAT ID No: DE450736011
Managing Director: Mr Uldis Laimins

When you visit our website www.feuerbad.de, the browser used on your device automatically sends information to our website’s server. This information is temporarily stored in what is called a log file. The following information is collected without any action on your part and stored until it is automatically deleted:
• IP address of the requesting computer,
• Date and time of access,
• Name and URL of the retrieved file,
• Website from which access was made (referrer URL),
• The browser used and, if applicable, your computer’s operating system and the name of your access provider. The data mentioned above is processed by us for the following purposes:
• Ensuring a smooth connection to the website,
• Ensuring comfortable use of our website,
• Evaluation of system security and stability,
• Further administrative purposes.
The legal basis for this data processing is Art. 6 (1) sentence 1 lit. f GDPR (General Data Protection Regulation). Our “legitimate interest” (this means a valid legal reason) follows from the purposes listed above for data collection. Under no circumstances do we use the collected data to draw conclusions about you as a person. In addition, we use cookies and analysis services when you visit our website. You can find more detailed explanations of these under sections 5 and 6 of this privacy policy.

For questions of any kind, we offer you the opportunity to contact us via a form provided on the website. A valid email address is required so that we know who sent the request and to be able to answer it. Further information can be provided voluntarily.
Data processing for the purpose of contacting us is carried out in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR on the basis of your voluntarily given consent and in the event that your contact aims at the conclusion of a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR.
The personal data collected by us for the use of the contact form will be automatically deleted after your request has been processed.
Our contact form is encrypted so that the data entered there cannot be viewed by third parties.

Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your personal data to third parties if:

· it is legally permissible and required according to Art. 6 Para. 1 S. 1 lit. b GDPR for the processing of contractual relationships with you.
We use the data you provide:
1. to fulfill and process your order,
2. your data will be passed on to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of the goods,
3. for the processing of payments, we may pass on your payment data to our house bank;
· the disclosure according to Art. 6 Para. 1 S. 1 lit. f GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
· there is a legal obligation for disclosure according to Art. 6 Para. 1 S. 1 lit. c GDPR,
· you have given your express consent according to Art. 6 Para. 1 S. 1 lit. a GDPR.
Any other transfer of your data collected online to other third parties or use for advertising purposes does not take place.
Insofar as we pass on your data to third parties as stated above, these third parties have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. We transfer your data to service providers or partners outside the EEA if an adequacy decision by the Commission exists for the respective country.

Adequacy decisions of the Commission exist for the following countries: Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Republic of Korea, Switzerland, United Kingdom under the GDPR and LED, Uruguay. The Commission’s statements on its adequacy decisions can be found at: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en Regarding the transfer of data to the USA, the following applies:
Our website integrates services from providers based in the USA. Insofar as these providers are certified according to the EU–US Data Privacy Framework (DPF), the data transfer takes place on the basis of the adequacy decision of the European Commission of 10 July 2023 (Art. 45 GDPR). This ensures an adequate level of data protection.
For providers who are not certified according to the DPF, we use the standard contractual clauses of the EU Commission in accordance with Art. 46 (2) lit. c GDPR in conjunction with any supplementary measures as the basis for the transfer. However, the following applies: In the USA, US authorities and intelligence services may have access rights and options for personal data without us as the data exporter or you as the data subject noticing and without you having sufficient legal means at your disposal to prevent this or to take action against such access.

We use cookies to design our website according to requirements and to optimize it. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information flows to the place that sets the cookie. Cookies cannot run programs or transmit viruses to your computer. They serve to make the overall internet offering more user-friendly and effective.

We use the following types of cookies, the scope and functionality of which are explained below:
– Transient cookies (see a)
– Persistent cookies (see b).
a) Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser.
b) Persistent cookies are automatically deleted after a specified duration, which can differ depending on the cookie. You can delete cookies in the security settings of your browser at any time.

A detailed overview of the cookies and other technologies we use can be found in our Consent Manager, Cookiebot. In the Consent Manager, we list the name, provider, purpose, storage duration, and type of cookies, as well as the category the cookies belong to, i.e. whether “Necessary”, “Preferences”, “Statistics”, or “Marketing”.
Via the Consent Manager, you can accept or reject individual or all cookies separately by setting or removing a checkmark, both when you first visit the site and at any time thereafter. You must repeat these settings if you delete the Local Storage of your device or if you use a different browser or a different device. You must manually delete cookies that have already been set if you withdraw your consent.
Further cookie setting options:
You can, of course, also set your browser so that you are informed about the setting of cookies. You can then decide whether to accept or exclude the cookies.
Please note: Cookie settings differ depending on the browser:
Internet Explorer™: http://windows.microsoft.com/en-GB/windows-vista/Block-or-allow-cookies Safari™: https://www.apple.com/uk/contact/
Chrome™: http://support.google.com/chrome/bin/answer.py?hl=en&hlrm=en&answer=95647
Firefox™: https://support.mozilla.org/en-GB/kb/cookies-allow-and-reject
Opera™: http://help.opera.com/Windows/10.20/en/cookies.html
If cookies are not accepted, the functionality of our websites may be limited. You can configure your browser settings according to your wishes and, for example, reject the acceptance of third-party cookies or all cookies.We point out that you may not be able to use all functions of this website.
We use cookies to be able to identify you for subsequent visits.
The data processed by cookies is required for the stated purposes to protect our legitimate interests and those of third parties according to Art. 6 Para. 1 S. 1 lit. f GDPR.

We use the consent management tool Cookiebot from the company Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark. Cookiebot enables us to obtain, document, and manage user consent for cookies and tracking technologies in a legally compliant manner in accordance with the requirements of the General Data Protection Regulation (GDPR).
When you visit our website, a cookie is set that stores your consent status. Cookiebot collects and stores the following data:

Your IP address (in anonymised form),
Date and time of consent,
Browser user agent,
URL of the page accessed,
Consent status, which serves as proof,
A randomly generated key (Consent ID).
Legal basis: Processing is carried out to fulfill our legal obligation in accordance with Art. 6 Para. 1 lit. c GDPR in conjunction with Art. 7 GDPR.
Data transfer: Data is transferred to Usercentrics A/S exclusively within the EU. A data processing agreement exists in accordance with Art. 28 GDPR.
Storage duration: Your consent decision is stored for 12 months or until you change or withdraw your consent.
Further information can be found at: https://www.cookiebot.com/en/privacy-policy/

Our website is hosted by Host Europe GmbH, Hansestraße 111, 51149 Cologne, Germany. The servers are located in data centres within the European Union. For the purpose of stable and secure operation of the website, Host Europe processes both access data and communication data as part of its service.
Access data in so-called server log files: IP address, date and time of access, page accessed, referrer URL, browser type and version, operating system.
Communication data that arises when using the contact form or via email communication.
Data processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in the secure, stable and efficient provision of our website.
We have concluded a data processing agreement (DPA) with Host Europe in accordance with Art. 28 GDPR, which ensures that your data is only processed according to our instructions.
Further information on data processing by Host Europe can be found at:
https://www.hosteurope.de/AGB/Datenschutzerklaerung/

This website uses the content management system WordPress.com to analyse and regularly improve the use of our website. WordPress is distributed by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110–4929, USA.
Via the statistics obtained, we can improve our offer and make it more interesting for you as a user.
Furthermore, we use the system for measures to protect the security of the website, e.g. the detection of attacks or viruses.
Data about your operating system, your browser and hosting provider as well as IP address and geographical data are stored via WordPress. The legal basis for the use of WordPress is Art. 6 Para. 1 S. 1 lit. a GDPR.
For this evaluation, cookies are stored on your computer. The information collected in this way is stored on a server in the USA. If you prevent the storage of cookies, we point out that you may not be able to use this website to its full extent. Preventing the storage of cookies is possible through the settings in your browser.
Regarding the data transfer to the USA, please read our explanations under 4 and 6.
The privacy policy of Automattic Inc can be found at: https://automattic.com/privacy

On this website, we use the services of Google Maps. Google Maps is a service of Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=en.
Via Google Maps, we can display interactive maps directly on the website and enable you to use the map function conveniently.
By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under Section 2 of this declaration is transmitted. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists.
If you are logged in to Google, your data will be directly assigned to your account. If you do not wish the assignment to your profile at Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website.
Such an evaluation takes place in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website.
You have a right to object to the creation of these user profiles, whereby you must contact Google to exercise this. Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider’s privacy policies. There you will also find further information about your rights in this regard and setting options to protect your privacy: http://www.google.co.uk/intl/en/policies/privacy . Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Regarding the data transfer to the USA, please read our explanations under 4 and 6.

Furthermore, we use so-called Facebook Pixels. The provider is Facebook Inc., 1601 S California Avenue AVE, Palo Alto, California 94304 USA or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland;
Information on data collection: https://www.facebook.com/policy.php;
further information on data processing: https://www.facebook.com/help/186325668085084,
http://www.facebook.com/about/privacy/your-info-on-other#applications as well as
http://www.facebook.com/about/privacy/your-info#everyoneinfo. Via the Facebook Pixel, you enable us to improve our offer and make it more interesting for you as a user. The legal basis for use is Art. 6 Para. 1 Sentence 1 lit. f GDPR. The Facebook Pixel is integrated directly by Facebook when you visit our website and can store a cookie on your device. If you subsequently log in to Facebook or visit our site while logged in, the visit to our online offer will be noted in your profile. The Facebook Pixel collects the following data types:
• Http-Header – Everything present in Http headers. Http headers are a standard web protocol sent between browser requests and servers on the internet. Http headers contain IP addresses, information about the web browser, page location, document, referrer, and the visitor to the website.
• Pixel-specific data – This includes, among other things, the Pixel ID and the Facebook cookie.
• Button – Click – Data – This includes any buttons clicked by the visitor to the website, the labels of these buttons, and any pages accessed as a result of clicking the button.
• Optional values – Conversion values, page types.
• Form field names – This includes the names of website fields such as “address” and “quantity” that are filled in when purchasing a product or service. The pixel does not collect field values.
In addition, we use the access function “Advanced Matching”. This function allows customer data such as first name, last name, email address, telephone number, or Facebook IDs to be transmitted to Facebook and enriched with existing tracking data. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, there is a possibility that your IP address and other identifying features will be obtained and stored.
Further information on Advanced Matching can be found at:
https:///www.facebook.com/business/help/611774685654668 . We have no influence on the scope and further use of the data collected by Facebook and therefore inform you according to our level of knowledge.
Your information controlled by Facebook Ireland will be transferred or transmitted to, or stored and processed in, the USA or other third countries for the described purposes.
These data transfers are necessary to provide the services set out in the Facebook Terms of Service https://www.facebook.com/legal/terms/ and Instagram Terms of Use https://help.instagram.com/581066165581870?ref=dp. Facebook uses standard contractual clauses approved by the European Commission and relies on https://www.facebook.com/help/566994660333381?ref=dp data transfers from the EEA to the USA and other countries, where applicable, on adequacy decisions issued by the European Commission regarding certain countries.
You can object to collection by the Facebook Pixel. You can also set which types of advertisements are displayed to you within Facebook. To do this, you must access the page set up by Facebook and follow the instructions on the settings for interest-based advertising:
https://www.facebook.com/settings?tab=ads. You can also object to the use by using the opt-out procedure.
The data processed by cookies is required for the stated purposes to protect our legitimate interests and those of third parties according to Art. 6 Para. 1 S. 1 lit. f GDPR.

Tracking Tools:
The tracking measures listed below and used by us are carried out on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR. With the tracking measures used, we want to ensure a needs-based design and the continuous optimisation of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned regulation. The respective data processing purposes and data categories can be found in the corresponding tracking tools.

Google Analytics:
This website uses Google Analytics, a web tracking service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
The purpose of our use of the tool is to enable the analysis of your user interactions on websites and in apps and to improve our offer and make it more interesting for you as a user through the statistics and reports obtained.
We primarily record the interactions between you as a user of the website and our website using cookies, data on the device/browser, IP addresses and website or app activities. In Google Analytics, your anonymised IP addresses are also recorded to ensure the security of the service and to provide information about the region of the respective user (so-called “IP location determination”).
With the anonymisation function (“IP masking”), Google shortens the IP addresses by the last octet within the EU/EEA.
Google acts as a processor and we have concluded a corresponding contract with Google. The information obtained about your use of this website and the anonymised IP addresses are usually transmitted to a Google server in the USA and processed there. For these cases, Google has submitted to the EU-U.S. Data Privacy Framework. The legal basis for the processing of the information (which takes place for a maximum of [14 months]) is your granted consent (Art. 6 Para. 1 S. 1 lit. a GDPR).
Withdrawal of your consent is possible at any time without affecting the permissibility of the processing up to the withdrawal.
The easiest way to carry out the withdrawal is via our Consent Manager or by installing the browser add-on from Google, which is available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en/ .
Further information on the scope of services of Google Analytics can be found at https://marketingplatform.google.com/about/analytics/terms/en/ .
Information on data processing when using Google Analytics is provided by Google at the following link:
https://support.google.com/analytics/answer/6004245?hl=de/ .
General information on data processing, which according to Google should also apply to Google Analytics, can be found in Google’s privacy policy at https://www.google.co.uk/intl/en/policies/privacy/ .

We must point out that when data is transferred to the USA, there is a risk that your data will be processed by US authorities for control and monitoring purposes.

You have the right:
• in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling in accordance with Art. 22 Para. 1 and 4 GDPR and meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject. You have the right to request information as to whether the personal data concerning you is being transferred to a third country or to an international organisation. In this context, you can request to be informed about the appropriate safeguards in accordance with Art. 46 GDPR in connection with the transfer;
• in accordance with Art. 16 GDPR, to immediately request the rectification of incorrect or the completion of your personal data stored by us;
• in accordance with Art. 17 GDPR, you can request the erasure of your personal data stored by us in the following cases:
· the personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
· you withdraw your consent on which the processing was based in accordance with Art. 6 Para. 1 lit. a or Art. 9 Para. 2 lit. a GDPR, and there is no other legal basis for the processing.
· you object to the processing in accordance with Art. 21 Para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing in accordance with Art. 21 Para. 2 GDPR.
· the personal data concerning you has been processed unlawfully.
· the erasure of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
· the personal data concerning you was collected in relation to information society services offered in accordance with Art. 8 Para. 1 GDPR;
If the controller has made the personal data concerning you public and is obliged to erase it in accordance with Art. 17 Para. 1 GDPR, they shall take reasonable measures, including technical ones, taking into account the available technology and the implementation costs, to inform those responsible for data processing who process the personal data that you as the data subject have requested them to erase all links to this personal data or copies or replications of this personal data.

The right to erasure does not exist insofar as the processing is necessary
· to exercise the right to freedom of expression and information;
· to fulfill a legal obligation that requires processing under the law of the Union or the Member States to which the controller is subject, or to perform a task that is in the public interest or in the exercise of official authority vested in the controller;
· for reasons of public interest in the area of public health in accordance with Art. 9 Para. 2 lit. h and i as well as Art. 9 Para. 3 GDPR;
· for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR, insofar as the right mentioned in Para. 1 is likely to make the achievement of the objectives of this processing impossible or seriously impair it, or · for the assertion, exercise or defence of legal claims.
• in accordance with Art. 18 GDPR, you can request the restriction of the processing of your personal data if · you contest the accuracy of the personal data concerning you for a period that enables the controller to verify the accuracy of the personal data;
· the processing is unlawful and you refuse the erasure of the personal data and instead request the restriction of the use of the personal data;
· the controller no longer needs the personal data for the purposes of processing, but you need them for the assertion, exercise or defence of legal claims, or
· you have lodged an objection to the processing in accordance with Art. 21 Para. 1 GDPR and it has not yet been determined whether the legitimate grounds of the controller outweigh your grounds.

If the processing of the personal data concerning you has been restricted, this data – apart from its storage – may only be processed with your consent or for the assertion, exercise or defence of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If the restriction of processing has been restricted according to the above-mentioned requirements, you will be informed by the controller before the restriction is lifted;
• in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request the transfer to another controller.
Furthermore, you have the right to transmit this data to another controller without hindrance by the controller to whom the personal data was provided, provided that:
· the processing is based on consent according to Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or on a contract according to Art. 6 Para. 1 lit. b GDPR and
· the processing is carried out using automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this. The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task that is in the public interest or in the exercise of official authority vested in the controller.;
• in accordance with Art. 7 Para. 3 GDPR, to withdraw your once-given consent at any time. As a result, we may no longer continue the data processing based on this consent for the future and
• in accordance with Art. 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.

Insofar as your personal data are processed on the basis of legitimate interests according to Art. 6 Para. 1 S. 1 lit. f GDPR, you have the right, according to Art. 21 GDPR, to lodge an objection against the processing of your personal data, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation. If you wish to make use of your right of withdrawal or objection, an email to info@feuerbad.de is sufficient.
Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your objection to advertising at the above email address.

We use the current TLS encryption (Transport Layer Security) for the transmission of data on our website. The highest encryption level supported by your browser is automatically used. As a rule, 256-bit encryption (e.g. AES-256) is used. If your browser only supports weaker methods, the encryption takes place at a nonetheless secure, lower level (e.g. AES-128).
You can tell whether a page is transmitted in encrypted form by the padlock symbol in the address bar of your browser.
In addition, we use appropriate technical and organisational security measures to protect your data against manipulation, loss, destruction or unauthorised access by third parties. These measures are regularly reviewed and continuously adapted in line with technological developments.

This privacy policy is currently valid and is dated October 2025. Due to the further development of our website and offers through it or due to changed legal or official requirements, it may become necessary to change this privacy policy. The current privacy policy can be accessed and printed out by you at any time on the website.