Privacy policy

Unless otherwise stipulated below, providing your personal data is neither legally nor contractually required and is not necessary for concluding a contract. You are not obliged to provide it. Failure to provide it has no consequences. “Personal data” means any information relating to an identified or identifiable natural person.

1. Controller and Contact

Controller:
Mikko Wood
Soundmaxx-Online.de
Hardtstraße 80
69124 Heidelberg
Germany
Tel.: +49 6221 8935800
E-mail: kundenservice@cmk-versand.de

2. Hosting, Platform, Server Log Files

Shop platform/hosting: Our shop is provided via Shopify. Provider: Shopify International Ltd., Dublin, Ireland, affiliated with Shopify Inc., Ottawa, Canada.
Each time you access the site, your browser transmits usage data to our web host/IT service provider and this is stored in server log files (page accessed, date/time, IP address, amount of data transferred, referrer, provider).
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in stability, security and error analysis).

Transfers to third countries: Your data may be transferred to Canada and the USA. Canada is covered by an adequacy decision. For the USA, an adequacy decision exists (TADPF). Shopify is not certified under the TADPF. Transfers are carried out on the basis of EU Standard Contractual Clauses (SCCs) and, where applicable, supplementary measures.

3. Contact

Unsolicited e-mail/contact form: Data processed: name, e-mail, message, and any other information you provide.
Purpose: Processing your enquiry.
Legal basis: Art. 6(1)(b) GDPR (pre-contract/contract) or Art. 6(1)(f) GDPR (interest in responding). Objection possible under Art. 21 GDPR.
Deletion: after completion of processing, subject to statutory retention periods.

4. Customer Account

When you create a customer account, we process the data requested in the form.
Purpose: convenient order processing.
Legal basis: Art. 6(1)(a) GDPR (consent, revocable). After withdrawal, we delete the account.

5. Orders, Payment Processing, Dropshipping & Fulfilment

5.1 Processing for Contract Performance

We process order data only to the extent necessary to fulfil the order and handle related enquiries.
Legal basis: Art. 6(1)(b) GDPR.

5.2 Categories of Recipients

  • Shipping companies/logistics providers

  • Dropshipping and fulfilment partners in the EU/EEA and in third countries, in particular China

  • Payment service providers (e.g. PayPal, Klarna, Stripe, Apple Pay, Google Pay, giropay)

  • IT and shop service providers (e.g. Shopify, payment gateway, ERP/stock management)

  • ERP/stock management: plentysystems AG, Johanna-Waescher-Str. 7, 34131 Kassel

Scope of disclosure: only the minimum data necessary, e.g. name, address, e-mail, telephone number, order/item data, shipping and payment information and, for dropshipping where applicable, additional customs/export-related information.

5.3 Dropshipping from the EU and China

For selected products, delivery is carried out directly by external dropshipping providers from Europe and China. They receive the customer data required for manufacture, picking, packaging, customs clearance and delivery.
Legal basis: Art. 6(1)(b) GDPR (contract performance).
Third-country transfers: Where partners are located outside the EEA, in particular China, the transfer is carried out on the basis of EU Standard Contractual Clauses (SCCs) and, where applicable, supplementary measures. If, exceptionally, an equivalent level of data protection cannot be ensured, we additionally rely—where necessary—on Art. 49(1)(b) GDPR (necessity for performance of a contract with the data subject, e.g. delivery to the address specified by the customer).

5.4 Customs, Taxes, Authorities

Where required for delivery, data relating to customs, tax or import formalities may be transferred to service providers/authorities.
Legal basis: Art. 6(1)(b) and (c) GDPR.

6. E-mail and SMS Marketing Communications

6.1 Newsletter

Sent only with consent. You can unsubscribe at any time.
Legal basis: Art. 6(1)(a) GDPR.

6.2 Direct E-mail Marketing to Existing Customers

Advertising for our own similar products after a purchase, as long as there is no objection.
Legal basis: Art. 6(1)(f) GDPR. You can object at any time.

6.3 SMS Marketing

Only with consent. Sending may be carried out via processors.
Legal basis: Art. 6(1)(a) GDPR.

6.4 Back-in-Stock Notification

One-off e-mail when available again, with prior consent.
Legal basis: Art. 6(1)(a) GDPR.

7. ERP/Stock Management (Plentymarkets)

We use an external ERP/stock management system: plentysystems AG, Johanna-Waescher-Str. 7, 34131 Kassel.
Purpose/legal basis: contract processing, Art. 6(1)(b) GDPR.

8. Payment Services

If you select a payment service provider, the data required for processing will be transferred to the respective provider; where applicable, including a credit check in accordance with their terms.
Legal bases: Art. 6(1)(b) GDPR; for credit checks Art. 6(1)(f) GDPR.
The privacy notices of the providers apply: