Privacy - The Book Cover Designer

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about the handling of your personal data when using our website. Personal data is any data with which you can be personally identified.

1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Michael Natzmer, GM MEDIA, Isarweg 19a, 51061 Cologne, Germany, Tel.: 0221-96616911 (no telephone support), Email: [email protected]. The controller of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

2.1 When using our website for purely informational purposes, i.e., if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to the page server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

Our visited website
Date and time at the moment of access
Amount of data sent in bytes
Source/reference from which you reached the page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files subsequently if there are concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser bar.

3) Hosting & Cloud Computing

3.1 For the hosting of our website and the display of page content, we use the cloud computing services of the following provider: Akamai Technologies, Inc., 145 Broadway, Cambridge, MA 02142, USA.

All data collected on our website is processed on the servers of this provider. For data transfers to the USA, the provider relies on the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission, as well as Standard Contractual Clauses.

We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

4) Cookies

To make your visit to our website attractive and to enable the use of certain functions, we use cookies, which are small text files stored on your end device. Some of these cookies are automatically deleted after closing the browser (so-called “session cookies”), while some cookies remain on your end device longer and enable page settings to be saved (so-called “persistent cookies”). In the latter case, you can find the storage duration in the overview of the cookie settings of your web browser.

Insofar as personal data is also processed by individual cookies used by us, the processing takes place in accordance with Art. 6 (1) (b) GDPR either for the execution of the contract, in accordance with Art. 6 (1) (a) GDPR in the case of consent granted, or in accordance with Art. 6 (1) (f) GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.

You can set your browser so that you are informed about the setting of cookies and can decide individually on their acceptance or exclude the acceptance of cookies for certain cases or in general.

Please note that if you do not accept cookies, the functionality of our website may be limited.

5) Contacting Us

When contacting us (e.g., via contact form or email), personal data is processed exclusively for the purpose of handling and responding to your request and only to the extent necessary.

The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6 (1) (f) GDPR. If your contact aims at a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. Your data will be deleted when it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

6) Data Processing When Opening a Customer Account

In accordance with Art. 6 (1) (b) GDPR, personal data continues to be collected and processed to the extent necessary if you provide it to us when opening a customer account. Which data is required for opening an account can be seen from the input mask of the corresponding form on our website.

Deletion of your customer account is possible at any time and can be done by sending a message to the above-mentioned address of the controller. After the deletion of your customer account, your data will be deleted, provided that all contracts concluded through it have been fully processed, no statutory retention periods stand in the way, and there is no legitimate interest on our part in further storage.

7) Use of Customer Data for Direct Marketing

Subscription to our email newsletter

If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing further data is voluntary and is used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you only receive newsletters if you have expressly confirmed your consent to receive the newsletter by clicking a verification link sent to the email address provided.

By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 (1) (a) GDPR. We store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace a possible misuse of your email address at a later date. The data collected by us when registering for the newsletter will be used strictly for its intended purpose.

You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the controller mentioned at the beginning. After unsubscribing, your email address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve a further use of data that is legally permitted and about which we inform you in this declaration.

8) Data Processing for Order Fulfillment

8.1 Insofar as necessary for contract processing for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 (1) (b) GDPR.

If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we process the contact data transmitted by you when ordering in order to inform you personally within the framework of our statutory information obligations in accordance with Art. 6 (1) (c) GDPR. Your contact details will be used strictly for notifications about updates owed by us and will only be processed by us for this purpose to the extent necessary for the respective information.

For the processing of your order, we also work together with the following service provider(s) who support us in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.

8.2 Use of Payment Service Providers (Payment Services)

– Paypal

One or more online payment methods of the following provider are available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

If you select a payment method of the provider where you make advance payment, your payment data communicated during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information about the content of your order will be passed on to them in accordance with Art. 6 (1) (b) GDPR. In this case, your data will be passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this.

If you select a payment method where we make advance performance, you will also be asked during the ordering process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, if applicable, data on an alternative means of payment).

In order to safeguard our legitimate interest in determining your solvency in such cases, this data is forwarded by us to the provider for the purpose of a credit check in accordance with Art. 6 (1) (f) GDPR. Based on the personal data you provide and other data (such as shopping cart, invoice amount, order history, payment experience), the provider checks whether the payment option you selected can be granted with regard to payment and/or default risks.

The credit report can contain probability values (so-called score values). Insofar as score values flow into the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical method. Address data, among other things, but not exclusively, is included in the calculation of the score values.

You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.
– Stripe

On this website, one or more online payment methods of the following provider are available on this website: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland

If you select a payment method of the provider where you make advance payment (such as credit card payment), your payment data communicated during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information about the content of your order will be passed on to them in accordance with Art. 6 (1) (b) GDPR. In this case, your data will be passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this.

If you select a payment method where the provider makes advance performance (such as purchase on account or installments or direct debit), you will also be asked during the ordering process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, if applicable, data on an alternative means of payment).

In order to safeguard our legitimate interest in determining the solvency of our customers, this data is forwarded by us to the provider for the purpose of a credit check in accordance with Art. 6 (1) (f) GDPR. Based on the personal data you provide and other data (such as shopping cart, invoice amount, order history, payment experience), the provider checks whether the payment option you selected can be granted with regard to payment and/or default risks.

8.3 Electronic Withdrawal Function for Distance Contracts

Consumers who conclude contracts on this website where a statutory right of withdrawal exists have the option to declare the withdrawal via an electronic withdrawal function in accordance with the applicable withdrawal provisions.

For the provision of the electronic withdrawal function, we use a solution from the following provider: MarketPress GmbH, Karcherallee 13 01277 Dresden.

When using the withdrawal function, in addition to information for identifying the contract to be withdrawn, other personal information such as the first and last name as well as the email address of the consumer must be provided or confirmed.

This information is initially collected by the provider on the basis of our legitimate interest in a user-friendly, stable, and process-optimized solution in accordance with Art. 6 (1) (f) GDPR, then used to confirm receipt of the declaration of withdrawal on our behalf by email, and finally transmitted to us. We subsequently process the transmitted information for the proper handling of the withdrawal in accordance with Art. 6 (1) (b) GDPR and Art. 6 (1) (c) GDPR on the basis of our legal obligation to provide an electronic withdrawal function for consumer distance contracts subject to a charge.

The information collected by the provider is routinely deleted after the final processing of a withdrawal, provided that there are no statutory retention obligations to the contrary.

We have concluded a data processing agreement with the provider that protects data processed within the framework of the withdrawal function and prohibits unauthorized disclosure to third parties.

9) Web Analysis Services

Koko Analytics

This website uses the web analysis service of the following provider: ibericode BV, St. Jacobslaan 51, 6533BP Nijmegen, Netherlands

With the help of cookies and/or comparable technologies (tracking pixels, web beacons, algorithms for reading end device and browser information), the service collects and stores pseudonymized visitor data, including information on the end device used such as the IP address and browser information, in order to evaluate it for statistical analysis of user behavior on our website and to create pseudonymized usage profiles. Among other things, this makes it possible to evaluate movement patterns (so-called heatmaps), which show the duration of page visits as well as interactions with page content (e.g., text entries, scrolling, clicks, and mouse-overs). Pseudonymization fundamentally excludes direct personal reference. Merging with clear data about your person collected in any other way does not take place.

All processing operations described above, in particular the reading or storing of information on the end device used, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future by disabling this service in the “cookie consent tool” provided on the website.

We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

10) Page Functionalities

10.1 YouTube

This website uses plugins for displaying and playing videos from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data may also be transmitted to: Google LLC., USA

When you call up a page of our website that contains such a plugin, your browser establishes a direct connection to the provider’s servers at the latest at the time of video playback in order to load the content. In doing so, certain information, including your IP address, is transmitted to the provider.

If the playback of embedded videos is started via the plugin, the provider also uses cookies to collect information about user behavior, generate playback statistics, and prevent abusive behavior.

If you are logged into a user account with the provider during your visit to the page, your data will be directly assigned to your account when you click on a video. If you do not wish it to be assigned to your account, you must log out before pressing the playback button.

All the aforementioned processing operations, in particular the setting of cookies for reading information on the end device used, take place only if you have given us your express consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future by disabling this service via the “cookie consent tool” provided on the website.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level based on an adequacy decision by the European Commission.

11) Tools and Miscellaneous

11.1 Lexware Office

For handling accounting, we use the cloud-based accounting software service of the following provider: Haufe-Lexware GmbH & Co. KG, Munzinger Straße 9, 79111 Freiburg, Germany

The provider processes incoming and outgoing invoices as well as, if applicable, our company’s bank movements in order to automatically record invoices, match them to transactions, and create the financial accounting from this in a semi-automated process.

Insofar as personal data is also processed in this context, the processing is based on our legitimate interest in an efficient organization and documentation of our business transactions in accordance with Art. 6 (1) (f) GDPR.

11.2 Cookie Consent Tool

This website uses a so-called “cookie consent tool” to obtain effective user consent for cookies and cookie-based applications that require consent. The “cookie consent tool” is displayed to users when they call up the page in the form of an interactive user interface on which consent can be given for certain cookies and/or cookie-based applications by ticking a box. By using the tool, all cookies/services requiring consent are only loaded if the respective user gives the corresponding consent by ticking the box. This ensures that such cookies are only set on the user’s end device if consent has been granted.

The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed in this context.

If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning, or logging cookie settings, this takes place in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in a legally compliant, user-specific, and user-friendly consent management for cookies and thus in a legally compliant design of our website appearance.

Another legal basis for processing is Art. 6 (1) (c) GDPR. As the controller, we are subject to the legal obligation to make the use of technically unenforceable cookies dependent on the respective user’s consent.

Where necessary, we have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

Further information on the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.

11.3 Cloudflare

For security purposes, this website uses the service of the following provider: Cloudflare, Inc., 101 Townsend St. San Francisco, CA 94107, USA.

The provider protects the website and the associated IT infrastructure from unauthorized third-party access, cyber attacks, as well as from viruses and malware. The provider collects the IP addresses of users and, if necessary, other data on your behavior on our website (in particular accessed URLs and header information) in order to detect and ward off illegitimate page access and dangers. The collected IP address is compared with a list of known attackers. If the collected IP address is recognized as a security risk, the provider can automatically block it from accessing the page. The information collected in this way is transmitted to a server of the provider and stored there.

The data processing operations described take place in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interests in protecting the website from harmful cyber attacks and in maintaining the structure and data integrity and security.

We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

12) Rights of the Data Subject

12.1 Applicable data protection law grants you the following data subject rights (rights of information and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the legal basis cited for the respective prerequisites for exercise:

Right of access pursuant to Art. 15 GDPR;
Right to rectification pursuant to Art. 16 GDPR;
Right to erasure pursuant to Art. 17 GDPR;
Right to restriction of processing pursuant to Art. 18 GDPR;
Right to notification pursuant to Art. 19 GDPR;
Right to data portability pursuant to Art. 20 GDPR;
Right to withdraw consent granted pursuant to Art. 7 (3) GDPR;
Right to lodge a complaint pursuant to Art. 77 GDPR.

12.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA WITHIN THE SCOPE OF A BALANCE OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING RESERVES THE RIGHT IF WE CAN PROVE COMPELLING LEGITIMATE REASONS FOR PROCESSING THAT OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE THE OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

13) Duration of Storage of Personal Data

The duration of the storage of personal data is determined based on the respective legal basis, the purpose of processing and – if applicable – additionally based on the respective statutory retention period (e.g., commercial and tax retention periods).

When processing personal data on the basis of express consent pursuant to Art. 6 (1) (a) GDPR, the data concerned is stored until you withdraw your consent.

If there are statutory retention periods for data processed within the scope of contractual or quasi-contractual obligations on the basis of Art. 6 (1) (b) GDPR, this data will be routinely deleted after the retention periods have expired, provided it is no longer required for contract fulfillment or contract initiation and/or there is no longer a legitimate interest on our part in further storage.

When processing personal data on the basis of Art. 6 (1) (f) GDPR, this data is stored until you exercise your right to object according to Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims.

When processing personal data for the purpose of direct marketing on the basis of Art. 6 (1) (f) GDPR, this data is stored until you exercise your right to object according to Art. 21 (2) GDPR.

Unless otherwise stated in the other information in this declaration regarding specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

As of: 24.06.2026