Privacy policy

of Fehn GmbH & Co. KG for Website and Online Store

Last updated: March 17, 2026

We are very pleased about your interest in our company. Protecting your personal data is very important to us.

Your personal data is processed in accordance with the EU General Data Protection Regulation (hereinafter referred to as “GDPR”) and the applicable country-specific data protection regulations. With this Privacy Policy, we would like to inform you, among other things, about the collection and storage of personal data, the nature and purpose of its use, the respective legal basis, and your rights.

Contents

1. Name and Contact Details of the Controller

This Privacy Policy applies to data processing by:

Fehn GmbH & Co. KG
Badergasse 58, 96472 Rödental
Germany
Tel: +49 (0) 9563 7499-0
Fax: +49 (0) 9563 7499-30
Email: info@fehn.de

Further information can be found in our Imprint.

2. Definitions

In our Privacy Policy, we use, among others, the following terms, which we would like to explain below:

2.1 Personal Data

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2.2 Data Subject

A data subject is any identified or identifiable natural person whose personal data is processed by the Controller responsible for the Processing.

2.3 Processing

Processing means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2.4 Controller

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of personal data. Where the purposes and means of such Processing are determined by Union law or the law of the Member States, the Controller or the specific criteria for its nomination may be provided for by Union law or the law of the Member States.

2.5 Consent

Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the Processing of personal data relating to them.

3. Data Processing When Contacting Us and Placing Orders

Description and Scope of Data Processing

We collect personal data when you voluntarily provide it to us when contacting us by email, via the contact form or when placing an order. The data collected can be seen from the respective input forms. We use the data provided by you to process your enquiries and to fulfil the contract.

After complete fulfilment of the contract, your personal data will initially be restricted for further Processing and deleted after expiry of the retention periods required under tax and commercial law, unless you have expressly consented to further use of your data or further Processing is legally permitted.

Purpose of Data Processing

The Processing of personal data when contacting us is carried out for the implementation of pre-contractual measures or for the fulfilment of a contract pursuant to Art. 6 para. 1 lit. b GDPR.

Legal Basis for Data Processing

The Processing of personal data in connection with orders placed in our online store is carried out for the fulfilment of a contract pursuant to Art. 6 para. 1 lit. b GDPR. Insofar as Processing is necessary for compliance with legal obligations, it is carried out on the basis of Art. 6 para. 1 lit. c GDPR.

Data Processing for Postal or Email Advertising, Right to Object

If you are an entrepreneur, we process your company name, postal address and – insofar as collected within the scope of the contractual relationship and permissible within the legal framework, in particular under Section 7 UWG – your professional or industry designation and your email address in order to inform you about our own products and offers.

The Processing of your data for these purposes is carried out on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in direct advertising for our own products.

You may object to the Processing of your personal data for advertising purposes at any time. A notification to the contact details provided above is sufficient for this purpose.

4. Data Processing When Visiting Our Website / Online Store

4.1 Log Files

Description and Scope of Data Processing

When accessing our website, information is automatically transmitted by the browser used on your device to the servers of Shopify International Limited. This information is temporarily stored in so-called log files.

The content of our website is provided via Shopify’s technical infrastructure, including the use of content delivery networks (CDN) that are part of Shopify’s hosting services.

In particular, the following data is processed:

  • IP address of the requesting device
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which access is made (referrer URL)
  • Browser used and, if applicable, the operating system of your device
  • Name of your access provider

The Processing of log file data is carried out by Shopify on our behalf. Further information on data Processing by Shopify can be found in Shopify’s Privacy Policy: https://www.shopify.com/de/legal/privacy/consumers

Purpose of Data Processing

The Processing of the above-mentioned data is carried out for the following purposes:

  • Ensuring a smooth connection to the website
  • Ensuring system security and stability
  • Technical administration of the website

Legal Basis for Data Processing

The legal basis for the Processing of log file data is Art. 6 para. 1 lit. f GDPR.

Our legitimate interest follows from the purposes listed above, in particular from the interest in the secure and uninterrupted provision of our website.

The log file data is not used for any other purposes, in particular not for profiling or analysing user behaviour.

4.2 Cookies

Description and Scope of Data Processing

Like many other websites, we also use “cookies”, small text files that make it possible to store specific device-related information on the user’s access device (PC, tablet, smartphone).

Further information can be found in the Shopify Cookie Policy: https://www.shopify.com/de/legal/cookies

Detailed information about cookies, for example how to identify which cookies have been set and how to manage and delete them, can be found on the following website: https://allaboutcookies.org/

Legal Basis for Data Processing

The legal basis for the use of cookies is Art. 6 para. 1 sentence 1 lit. a GDPR in the event of your Consent, otherwise our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. Details can be found below in the description of the respective cookies.

Description and Scope of Data Processing

We use the cookie consent tool of Shopify International Limited, Victoria Buildings, 2nd Floor, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”), in order to obtain valid user Consent for cookies and cookie-based applications requiring Consent. By integrating a corresponding JavaScript code, users are shown a cookie banner when accessing our website, through which they can actively decide whether and to what extent they consent to the use of cookies and comparable technologies requiring Consent. The cookie consent tool ensures that cookies and cookie-based applications requiring Consent are only set or activated once the respective user has given their Consent. The user’s consent status is stored and taken into account on subsequent page visits.

Purpose of Data Processing

The cookie consent tool serves the purpose of obtaining, managing and documenting user Consent for the use of cookies and comparable technologies in a legally compliant manner. For this purpose, technically necessary information is processed when accessing our website in order to store the Consent settings selected by the user and to take them into account on subsequent page visits. This information may also include personal data such as the IP address and is transmitted to and processed on Shopify servers.

Legal Basis for Data Processing

The Processing of personal data within the framework of the cookie consent tool is carried out for compliance with a legal obligation pursuant to Art. 6 para. 1 lit. c GDPR. As Controller, we are legally obliged to make the use of technically unnecessary cookies and comparable technologies dependent on the prior Consent of the user. Insofar as technically necessary information is processed beyond this within the framework of consent management, such Processing is additionally based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in a legally compliant, user-friendly and efficient management of Consent. The Processing is carried out on the basis of a Data Processing Addendum concluded with Shopify International Limited that fulfils the requirements of Art. 28 GDPR.

Further Information

Further information on data use by Shopify can be found at https://www.shopify.com/de/legal/datenschutz

4.4 Shopify Analytics

Description and Scope of Data Processing

Within our online store, we use the analysis functions of Shopify Analytics, a service provided by Shopify International Limited, 2nd Floor Victoria Buildings, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”). Shopify Analytics enables us to analyse the use of our online store in order to obtain information about visitor numbers, page views, purchasing behaviour, ordering processes and technical information.

In particular, the following data may be processed:

  • Pages and content accessed
  • Length of stay and click behaviour
  • Devices, browsers and operating systems used
  • Approximate location data (e.g. country or region)
  • Order and transaction data in aggregated form

The data is generally analysed in aggregated and anonymised form. We do not directly identify individual users.

Purpose of Data Processing

The Processing of data is carried out for the statistical evaluation of the use of our online store, the analysis of user behaviour and the optimisation of our offers, content and sales processes.

Legal Basis for Data Processing

The use of Shopify Analytics is carried out – insofar as technically unnecessary cookies or comparable technologies are used – exclusively on the basis of your Consent pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG.
Insofar as Processing takes place without the use of cookies requiring Consent, it is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in analysing and optimising our online offering.

Further Information

Further information on data Processing by Shopify can be found in Shopify’s Privacy Policy at: https://www.shopify.com/de/legal/datenschutz

4.5 Meta/Facebook Pixel and Conversions API

Insofar as we place Meta advertisements, we use the visitor action pixel of Meta (formerly Facebook) as well as the server-side Meta Conversions API on our website. The provider of these services is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

The data may also be transmitted by Meta to servers of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA.

Purpose of Data Processing

The use of the Meta Pixel and the Meta Conversions API serves the purpose of:

  • Creating visitor groups for Meta advertisements (retargeting)
  • Measuring the effectiveness of Meta advertisements (conversion tracking)
  • Optimising future advertising measures

Type of Data Processed

In particular, the following information may be processed:

  • Visited pages
  • Interactions (e.g. page views, shopping cart, purchases)
  • Technical information (e.g. IP address, user agent)
  • Transaction data (e.g. product, shopping cart value, currency)

As a rule, we do not receive any directly identifying personal data from Meta, but only aggregated evaluations.

Joint Controllership

Insofar as personal data is transmitted to Meta within the framework of the Conversions API, this Processing is carried out under joint controllership pursuant to Art. 26 GDPR with Meta Platforms Ireland Limited. The joint controllership is limited to the collection and transmission of data to Meta. Subsequent Processing by Meta is outside our area of responsibility.

The agreement on joint controllership is available at:
https://www.facebook.com/legal/controller_addendum

Legal Basis

The use of the Meta Pixel and the Meta Conversions API is carried out exclusively on the basis of your Consent pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG. Consent can be revoked at any time via the cookie settings.

Your Cookie Settings

Change Cookie Settings

Third Country Transfer

For data transfers to the USA, an adequacy decision of the European Commission exists (EU-US Data Privacy Framework). Meta Platforms, Inc. is certified accordingly.

Assertion of Data Subject Rights

Meta is responsible for the data security of Meta/Facebook products. Data Subject Rights, such as requests for information regarding data processed by Meta/Facebook, can be asserted directly with Meta. If you assert your Data Subject Rights with us, we are obliged to forward them to Meta.

Further Information

Further information on the protection of your privacy can be found in Meta’s privacy notices at: https://de-de.facebook.com/about/privacy/.

You can also deactivate the “Custom Audiences” remarketing function in the advertisement settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged into Facebook to do so.

If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance at: https://www.youronlinechoices.com/de/praferenzmanagement/

Details on the standard contractual clauses of the European Commission can be found at: https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_de, https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381

4.6 YouTube

Description and Scope of Data Processing

We integrate videos from the YouTube service on individual pages of our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

For the integration, we use YouTube’s enhanced privacy mode. For this purpose, the domain youtube-nocookie.com is used for embedding. Google describes this mode as “Privacy Enhanced Mode” for embedded players.

The videos are not automatically loaded on our website, but only after active confirmation by the user. Only after this confirmation is a connection established to YouTube or Google servers. In particular, the following data may be processed:

  • IP address
  • Information about the browser and device used
  • URL of the accessed page
  • Further usage data in connection with video playback, if applicable

Google points out that when embedded content is used, the browser automatically transmits certain information to Google, in particular the URL of the visited page and the IP address.

Purpose of Data Processing

The Processing is carried out for the purpose of user-friendly provision of video content on our website. We use the integration in particular for the presentation of product information, audio samples and supplementary media content.

Legal Basis for Data Processing

The integration of YouTube videos and the loading of the embedded player are carried out exclusively on the basis of your Consent pursuant to Art. 6 para. 1 lit. a GDPR.

Insofar as information is stored on your device or access to such information takes place in connection with loading the video, this is additionally carried out on the basis of Section 25 para. 1 TDDDG.

Withdrawal of Consent

You may revoke your Consent at any time with effect for the future. The lawfulness of Processing carried out before the revocation remains unaffected.

Further Information

Further information on data Processing by Google and YouTube can be found at: https://policies.google.com/privacy

5. Eye-Able® Accessibility Features

Eye-Able® Assist is software provided by Web Inclusion GmbH that enables all people to access information on the internet with reduced barriers. The necessary files such as JavaScript, stylesheets and images are loaded from an external server. When functions are activated, Eye-Able® Assist uses the browser’s local storage in order to save the selected settings. All settings are stored locally only and are not transmitted further. In order to defend against attacks and provide our service almost in real time, Eye-Able® Assist uses the content delivery network (CDN) of BunnyWay d.o.o. (Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia). The use is carried out for the fulfilment of a contract towards our customers (Art. 6 para. 1 lit. b GDPR) and in our legitimate interest in the secure, fast and efficient provision of our online offering through a professional provider (Art. 6 para. 1 lit. f GDPR). All transmitted data and servers remain within the EU at all times in order to ensure GDPR-compliant Processing. Web Inclusion GmbH does not collect or analyse personal user behaviour or other personal data at any time. In order to ensure GDPR-compliant Processing, Web Inclusion GmbH has concluded Data Processing Agreements with our hosting provider BunnyWay. Further information can be found in the Privacy Policies:

6. Data Disclosure for Contract Fulfilment

For the fulfilment of the contract, we disclose your data to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. For the processing of payments, we disclose the required payment data to the credit institution commissioned with the payment and, where applicable, to payment service providers commissioned by us or selected by you during the ordering process.

The legal basis for data Processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

6.1 Payment Services

We integrate payment services of third-party companies on our website. If you make a purchase from us, your payment data (e.g. name, payment amount, bank details, credit card number) is processed by the payment service provider for the purpose of payment processing. The respective contractual and privacy provisions of the respective providers apply to these transactions. The use of payment service providers is based on Art. 6 para. 1 lit. b GDPR (contract fulfilment) and on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in ensuring a smooth, convenient and secure payment process. Insofar as your Consent is requested for certain actions, Art. 6 para. 1 lit. a GDPR is the legal basis for data Processing; Consent may be revoked at any time with effect for the future.

The following payment services / payment service providers are used within the framework of this website:

PayPal

The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”).

Data transfers to the USA are based on the standard contractual clauses of the European Commission. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full

Further details can be found in PayPal’s Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Shopify Payment

The provider of this payment service within the EU is Shopify International Limited, 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify Payment”).

Further details can be found in Shopify Payment’s Privacy Policy: https://www.shopify.de/legal/datenschutz.

6.2 Accounting and ERP System

For the processing of our business operations, in particular invoicing, accounting, merchandise management and compliance with statutory retention and documentation obligations, we process personal data using an ERP system.

Within the framework of the ERP system, the following personal data may in particular be processed:

  • Name and address
  • Contact details (e.g. email address)
  • Order, invoice and payment data
  • Tax-relevant information

The Processing is carried out exclusively for the purpose of contract fulfilment and compliance with obligations under commercial and tax law.

Legal Basis for Data Processing

The Processing of data is carried out pursuant to Art. 6 para. 1 lit. b GDPR for the fulfilment of a contract and pursuant to Art. 6 para. 1 lit. c GDPR for compliance with legal obligations, in particular under commercial and tax law.

The data is stored only for as long as necessary for the fulfilment of the aforementioned purposes and statutory retention periods.

6.3 Shipping Service Provider

For the delivery of the goods ordered by you, we disclose your personal data to the shipping company commissioned by us, insofar as this is necessary for the delivery of the goods.

For this purpose, we use the services of General Logistics Systems Germany GmbH & Co. OHG (GLS), GLS Germany-Straße 1–7, 36286 Neuenstein, Germany.

Within the framework of shipping processing, the following personal data may in particular be transmitted to GLS:

  • Name and address
  • Different delivery address, if applicable
  • Email address or telephone number, if applicable (e.g. for delivery notifications)

The disclosure of data is carried out exclusively for the purpose of delivering the ordered goods.

Legal Basis for Data Processing

The Processing of your personal data is carried out pursuant to Art. 6 para. 1 lit. b GDPR for the fulfilment of the purchase contract concluded with you. Further information on data Processing by GLS can be found in GLS’s Privacy Policy at: https://www.gls-pakete.de/datenschutzerklaerung

7. Other Disclosure of Data

Your personal data will not be transmitted to third parties for purposes other than those listed above. We only disclose your personal data to third parties if:

  • you have given your express Consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR;
  • the disclosure is necessary pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data;
  • the disclosure is carried out pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR in the interest of the user-friendliness of our website and the improvement of our offering and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data;
  • there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR; and
  • this is legally permissible and necessary pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR for the processing of contractual relationships with you.

8. Data Subject Rights

You have the right:

  • pursuant to Art. 15 GDPR to request information about your personal data processed by us. In particular, you may request information about the purposes of Processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of Processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, where applicable, meaningful information about its details;
  • pursuant to Art. 16 GDPR to request without undue delay the rectification of inaccurate personal data stored by us or the completion of your personal data;
  • pursuant to Art. 17 GDPR to request the erasure of your personal data stored by us, unless the Processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
  • pursuant to Art. 18 GDPR to request restriction of Processing of your personal data insofar as the accuracy of the data is contested by you, the Processing is unlawful but you oppose the erasure, we no longer need the data, but you require it for the assertion, exercise or defence of legal claims, or you have objected to Processing pursuant to Art. 21 GDPR;
  • pursuant to Art. 20 GDPR to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another Controller;
  • pursuant to Art. 7 para. 3 GDPR to revoke your Consent at any time with effect for the future. This means that we may no longer continue the data Processing based on this Consent in the future; and
  • pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority if you believe that the Processing of your personal data is not lawful. As a rule, you may contact the supervisory authority of your habitual residence, place of work or our registered office.

9. Right to Object

Insofar as your personal data is processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right pursuant to Art. 21 GDPR to object to the Processing of your personal data, insofar as there are reasons arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without requiring a particular situation.

If you wish to exercise your right of revocation or objection, an email to widerruf@fehn.de is sufficient.

10. Data Security, Validity and Changes to this Privacy Policy

For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the website operator, our website uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the browser address line changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Furthermore, we use suitable technical and organisational security measures in order to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

The content of our Privacy Policy is reviewed regularly.

Due to the further development of our website and offers or due to changed legal or official requirements, it may become necessary to amend this Privacy Policy. We therefore reserve the right to amend the Privacy Policy at any time with or without prior notice. Please inform yourself independently about any changes.

The current version of the Privacy Policy can be accessed and printed at any time on our website.