Information on data protection. Your data is in good hands!
The person responsible in accordance with Article 4, paragraph 7 of the GDPR:
High on Fun GmbH
Our website is hosted on the web server (Host) of Shopify Inc, 126 York Street - Ottawa, ON, K1N 5T5, Canada (hereinafter "Shopify")
Shopify has, however, structured its data flows in such a way that data of users residing in the EU is exclusively transferred to the Irish company Shopify International Ltd (Voctoriy Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32 Ireland) (see point 6 under https://help.shopify.com/pdf/gdpr-whitepaper.pdf ).
We use Shopify on the basis of Article 6(1)(f) of the GDPR, i.e. we have a legitimate interest in ensuring that our website is presented in the most reliable way possible.
- When visiting the website primarily for information purposes:
If you visit our website solely for information purposes, do not register and do not enter any data or actively send us any data, we process the personal data that your browser transmits to the server via our service provider Shopify (see point 2. above). This data is stored without any action on your part until it is automatically deleted. What information is involved?
You will find it below:
- IP address of the requesting computer
- Date and time of access
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (page visited)
- Access status/HTTP status code
- Amount of data transmitted each time
- Operating system
- Language and version of the browser software
We use the above-mentioned data for the operation of our website, in particular to detect and remove errors on the website, to determine the rate of use of the website, and to make adjustments and improvements. The legal basis for the data processing is Art. 6, para. 1, p. 1, letter f of the GDPR. Our legitimate interest stems from the above-mentioned data collection purposes. Under no circumstances will we use the collected data for the purpose of arriving at inferences about your person. Nor will the data be cross-referenced with other data sources.
The personal data you provide will only be stored by us for the duration of your visit. Afterwards, it is immediately deleted.
If we use external links on our pages which direct you to other service providers, you will recognize this by the link symbol for external links. When you click on an external link, your IP address is visible to the provider of the external site.
- Contact us by e-mail or via the contact form:
You can contact us via the e-mail address provided or via the contact form. In this case, the data you provide (your e-mail address, possibly your name and telephone number) will be saved in order to process your request and to answer your questions. We delete the data generated in this context if the request is attributed to a contract after the time limits relating to the duration of the contract, otherwise after 3 months or limit the processing in case of legal storage obligations.
We process this data under Article 6(1)(b) of the GDPR if your request is related to the performance of a contract or if it is necessary for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in efficiently processing the requests made to us (Article 6(1)(f) of the GDPR).
- Other functions and offers on our website:
In addition to the purely informational use of our website, we offer various services that you can use if you are interested and use other customary functions for the analysis or marketing of our offers, which are presented in more detail below in points 8. to 11. For this purpose, you are required to provide other personal data or we process such other data which we use for the provision of the respective services. The following data processing principles apply to all the data processing purposes described here.
Insofar as this data protection declaration does not specify a specific deletion period, we will delete your personal data as soon as the purpose for which it is stored is no longer applicable. We will, however, continue to store your data if we are obliged to do so by European or national legislation in accordance with the regulations, laws or other legal provisions of the Union to which we are subject.
If a storage period prescribed by the aforementioned standards expires, your data will of course be deleted - unless it is still required for the conclusion of a contract with us or for the performance of a contract you have concluded with us.
In accordance with Article 15 of the GDPR, you may request information from us at any time about the personal data we process. In particular, we will provide you, if you so request, with information on the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the intended storage period, the existence of a right of rectification, deletion, of rectification, deletion, limitation of processing or objection, the existence of a right of recourse, the origin of your data if not collected from us as well as on the existence of automated decision-making, including profiling and, if applicable, relevant information on the details of this decision.
In accordance with Article 16 of the GDPR, you can demand that personal data stored by us be corrected immediately if it is inaccurate or incomplete.
In accordance with Article 17 of the GDPR, you have the right to demand the deletion of your personal data stored in our system.
d. Limitation of processing
In accordance with Art.18 GDPR, you can request the limitation of the processing of your personal data.
e. Transmission of data
Pursuant to Art.20 RGPD, you may request us to make available to you the personal data you have provided to us in a structured, commonly used and machine-readable format or to transmit it to another responsible party designated by you.
f. Revocation of consent
In accordance with Article 7(3) of the GDPR, you may revoke the consent you have given us at any time. This has the consequence that we can no longer continue to process the data that was based on this consent in the future.
g. Objection to data collection in special cases and direct advertising
Pursuant to Article 21 of the GDPR, you can object to the processing of your personal data insofar as there are reasons related to your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right of objection which will be implemented by us without indicating a particular situation. You can informally register your objection by e-mail or at our postal address listed at the beginning of this data protection declaration.
If you wish to assert one or more of your rights or if you require further information on this subject, please do not hesitate to contact us at the above address.
We only pass on your data to third parties if:
- You have given your explicit consent in accordance with Art.6, para.1, p.1, letter a of the GDPR
- the transmission pursuant to Art.6 para. 1, subpara. 1, letter f of the GDPR is necessary for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in your data not being transmitted
- in case there is a legal obligation to transmit pursuant to Art.6, paragraph 1, sentence 1, letter c of the GDPR
- as well as if this is permitted by law and necessary for the performance of the contractual relationship with you in accordance with Art. 6, paragraph 1, sentence 1, letter b of the GDPR.
If we use commissioned service providers for certain functions of our offer or if we wish to use your data for advertising purposes, we will always carefully select and monitor these service providers and inform you below in detail about the applicable procedures. In doing so, we also mention the criteria for the storage period.
If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of this in the corresponding description of our offer. Some of our service providers are based in the United States, a third country which is not guaranteed to protect data. When the tools of these service providers are active, your personal data may be transferred to and processed in the USA. We would like to point out that the United States does not guarantee a level of data protection comparable to that of the EU. US companies are therefore obliged to pass on personal data to the security authorities without you, as the person concerned, being able to take legal action. It cannot be ruled out that US authorities (e.g. secret services) may process, evaluate and permanently store your data on US servers for surveillance purposes. Unfortunately, we have no influence on these processing activities.
In accordance with Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority at your usual place of residence, your place of work or our head office:
Bavarian Office for the Supervision of Data Protection
91504 Ansbach, Germany
Telephone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
a. General information
In addition to the above-mentioned data, we use technical tools for various functions during your visit to our website, including cookies that may be stored on your terminal. When you open our website and at any time thereafter, you can decide whether to allow the installation of cookies in general, to restrict it to certain functions or, if they are not mandatory cookies, to exclude it completely. You can make changes at any time via our cookie consent tool (see below under b) which you can find in the footer of our website under "Cookie settings"). In the following, we will explain the details of cookies from a technical point of view (1), before going into more detail about your individual options by describing the technically necessary cookies (2) and the cookies that you can voluntarily deactivate or exclude (3).
1. What are Cookies?
Cookies are text files or information contained in a database that are stored on your hard drive and associated with the browser you are using, which allows the service placing the cookie to receive certain information. Cookies cannot run programs or transmit viruses to your computer but serve primarily to make the Internet offer faster and more user-friendly. We use the following types of cookies on this website, the function and legal basis of which are explained below:
- Transient cookies: such cookies, in particular session cookies, are automatically deleted when the browser is closed or when you log out. They contain a so-called session ID. This allows us to assign different browser requests to the common session and to recognize your computer when you return to our site.
- Persistent cookies: Such cookies are deleted automatically after a predefined period of time, which varies depending on the cookie. You can view the cookies set and their duration at any time in your browser settings and delete them manually.
2. Mandatory and technically necessary functions for the display of the website:
The technical structure of the website requires us to use techniques, including cookies. Our website cannot be displayed (completely correctly) without these technical tools or certain support functions would not be possible. These are basically temporary cookies that are deleted at the end of your visit to the website, at the latest when you close your browser. You cannot deactivate these cookies if you wish to use our website. The individual cookies are visible in the consent manager. The legal basis for this processing is our legitimate interest in presenting our website as reliably as possible, Article 6, paragraph 1, sentence 1, point f of the GDPR.
3. Optional cookies if you give your consent:
We install various cookies only after obtaining your consent, which you can select via our cookie consent tool when you first visit our website. These functions are only activated with your consent and may, among other things, enable us to analyze and improve visits to our website, to make it easier for you to use via different browsers or terminals, to recognize you during a visit or to serve advertising (if necessary, also to direct advertising according to interests, to measure the effectiveness of ads or to display interest-based advertising). The legal basis for this processing is your consent, Art. 6, Paragraph 1, Sentence 1, letter a of the GDPR and § 25, Paragraph 1 of the TTDSG. You can revoke your consent at any time. However, this does not affect the lawfulness of the processing until the revocation.
b. Cookie banner
We use the GDPR Legal Cookie by Shopify cookie consent tool on our website to obtain your consent to the storage of certain cookies on your terminal or the use of certain technologies and to document this consent in accordance with data protection. The provider of this technology is Shopify Inc. (see point 2., "Shopify").
What cookies and services do we use?
Below we describe the cookies and services we use, which you can individually select and revoke via the GDPR Legal Cookie by Shopify cookie consent tool (see "Cookie Settings" on our website):
Cookies and core services
- cart / Shopify
- cart_ver / Shopify
- shopify_pay_redirect / Shopify
- cart_ts / Shopify
- shopify_pay_redirect / Shopify
- cart_ts / Shopify
- _shopify_m / Shopify
- _tracking_consent / Shopify
- secure_customer_sig / Shopify
- _shopify_tm / Shopify
- cart_currency / Shopify
- _shopify_tw / Shopify
- _secure_session_id / Shopify
Cookies and functional services
- _shopify_sa_t / Shopify
- _shopify_s / Shopify
- _shopify_sa_p / Shopify
- _shopify_y / Shopify
- _orig_referrer / Shopify
- _s / Shopify
- _landing_page / Shopify
- _y / Shopify
- _ga / Google
- _gid / Google
- _gat / Google
- _pandectes_gdpr / Pandectes
- __kla_id / Klaviyo
- _fbp / Facebook
YouTube with extended data protection
This website contains videos from YouTube. The operator of these pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube with the extended data protection mode. According to YouTube, this mode ensures that YouTube cannot store any information about visitors to this site before they watch the video. This extended data protection mode does not necessarily exclude the transmission of data to YouTube's partners. YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video or not.
As soon as you start a YouTube video on this site, a connection is established with the YouTube servers. The YouTube server is then informed of the pages you have visited. If you are logged into your YouTube account, you allow YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube may also store various cookies on your device after you start a video or use comparable recognition technologies (e.g., device fingerprint). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve usability and prevent fraud attempts.
Other data processing processes that we have no influence on may be triggered after the start of a YouTube video.
The use of YouTube takes place in the interest of an attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR.
Insofar as a corresponding consent has been requested, processing takes place exclusively pursuant to Article 6(1)(a) of the GDPR and Article 25(1) of the TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal equipment (e.g. fingerprint of the device) within the meaning of the TTDSG. Consent can be revoked at any time.
For more information on data protection at YouTube, please see their privacy statement at https://policies.google.com/privacy.
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyse the behaviour of visitors to the website. For this purpose, the website operator receives various usage data, such as the pages visited, the duration of the visit, the operating systems used and the origin of the user. This data is combined in a User ID and assigned to the respective terminal of the website visitor.
Google Analytics also enables us to record your mouse movements, scrolling movements and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the collected data sets and uses machine learning technologies for data analysis.
Google Analytics uses technologies that recognize the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.
The use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Article 25(1) of the TTDSG. This consent can be revoked at any time.
The transfer of data to the United States is based on the European Commission's standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/. Regarding the risks of data transfer to the USA, please see the explanation in point 6 of this data protection information.
For more information on the processing of user data by Google Analytics, please refer to the Google privacy statement: https://support.google.com/analytics/answer/6004245.
We have concluded a data processing contract with Google and fully comply with the strict guidelines of the German data protection authorities when using Google Analytics.
If you want to order our product in our online store, it is necessary for the conclusion of the contract that you indicate your personal data which we need to process your order. The mandatory data required for the execution of the contract are marked separately, the other data are optional. For payment, we use Shop Pay in our online store from the service provider Shopify Inc. in the USA. For the European area, the company Shopify International Ltd. is responsible (see above point 2. on data flows and address data). With regard to the risks of a data transfer to the USA, please refer to the explanations given in point 6 of this data protection information. As Shop Pay processes data, your data may be combined with data from other possible Shop Pay services for which you have a user account.
You can find the data protection regulations of Shop Pay or Shopify at https://www.shopify.fr/legal/privacy/customers. The legal basis for this is Article 6, paragraph 1, sentence 1, letter b of the GDPR.
If you wish, you can set up a customer account to manage your data and to enable us to save your data for future purchases. When you create an account under"My account", the data you have provided is stored on a revocable basis. You can always delete all other data, including your user account in the customer area.
Use for advertising/newsletter purposes
We may also process the data you have provided in order to inform you by e-mail about other interesting products in our portfolio, provided you have not objected to this (see point 5.f). The legal basis for this is our legitimate interest, Article 6, paragraph 1, sentence 1, point f of the GDPR. We use the email provider Klaviyo for this purpose (see next point 10).
Data retention period of your online store
According to the provisions of commercial and tax law, we are obliged to store your address, payment and order data for a period of ten years. After three years, however, we will restrict the processing, i.e. from then on your data will only be used to meet legal obligations. This does not apply if you open a customer account with us. In this case, a limitation of processing is only carried out when you delete your customer account.
In order to prevent unauthorized access to your personal data by third parties, the order process is encrypted using SSL or TLS technology.
As a customer, we regularly send you information about other interesting products in our portfolio, provided you have not objected to this (see point 5.f). The legal basis for this is our legitimate interest Article 6, paragraph 1, sentence 1, letter f of the GDPR.
However, as an interested person you can also receive our newsletter offered on the website. For this purpose, we need an e-mail address as well as information that enables us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Other data is not necessary and is only collected if you provide it to us voluntarily. If you are interested, we process your data on the basis of your consent (Article 6(1)(a) GDPR). You can revoke this consent at any time. However, the revocation does not affect the legality of the data processing operations already carried out up to the revocation.
We use the service provider Klaviyo, Inc, 125 Summer Street, Floor 6, Boston, MA, 02110, USA, to manage and send the newsletter. Klaviyo is a service that allows, among other things, to organize and analyze the sending of newsletters. Your data is stored on ActiveCampaign's servers in the USA.
It is stored until you unsubscribe from the newsletter. If you unsubscribe from the newsletter, your data will be deleted from the newsletter distribution list. Data that has been stored with us for other purposes is not affected by this measure.
If you are a customer, your data may be stored in a blacklist after you unsubscribe from the newsletter distribution list with us or Klaviyo, insofar as this is necessary to prevent future mailings. The data entered in the black list is used only for this purpose and is not cross-referenced with other data. The legal basis for this is our interest in complying with the legal provisions when sending newsletters (legitimate interest within the meaning of Article 6(1)(f) of the GDPR). The registration in the blacklist is not limited in time. You can object to the registration insofar as your interests prevail over our legitimate interest.
You can find Klaviyo's privacy statement at: https://www.klaviyo.com/legal/privacy-notice. The transfer of data to the United States is based on the European Commission's standard contractual clauses. Details can be found here:
We use the Junip Inc. customer review tool (1809 - 1 Victoria Street South Kitchener, ON N2G 1C2, Canada, hereafter "Junip") on our website. After you place your order, we ask you to give a review and comment on your purchase from us.
We write to you by e-mail and use Junip's technical systems for this purpose.
The processing of your data is done with your consent / on the basis of our legitimate interests.
The basis for this is our interest based on Article 6(1)(f) of the GDPR to obtain truthful and verified evaluations of our services in the context of direct advertising. For this purpose, we send you an e-mail requesting feedback on our goods or services that you have already purchased from us. For this purpose, we use the e-mail address that you have provided to us in connection with the execution of the contract for the sale of our goods or services. However, you will only receive feedback requests from us if you have not objected to the use of your e-mail address for direct advertising purposes.
You can object to this at any time by informing us. You can also use the link provided in the feedback request to opt-out.
When you comment on an article or a contribution, we only collect your personal data (name, e-mail address, comment text) insofar as you have made it available. We process this data in order to enable you to comment and post your comment. By submitting your comment, you agree to the processing of the data provided. The processing is carried out on the basis of Article 6 (1) letter of the GDPR a with your consent. You can revoke this consent at any time by contacting us. Your personal data and your comment will then be deleted. If you are a customer of ours, only the comment will be deleted. The legality of the processing carried out on the basis of the consent until the revocation is not affected.
If your comment is published, only the name you entered will be published.
All information you transmit to us is stored on servers located in the European Union and Canada. Unfortunately, the transmission of information over the Internet is not completely secure, and we cannot guarantee the security of data transmitted to our site over the Internet. However, we use technical and organizational measures to protect our website and our other systems against loss, destruction, access, modification or distribution of your data by unauthorized persons. In particular, your personal data is transmitted to us in encrypted form. For this purpose, we use the SSL (Secure Socket Layer) [or TLS (Transport Layer Security)] encryption system.
The content of www.highonfun.com is the property of the seller and its partners and is protected by German and international copyright laws. Any reproduction of this content, in whole or in part, is strictly forbidden and may constitute an infringement of copyright.
Version 14.April 2022