Privacy Policy
1. General Information
Unless otherwise stated below, providing your personal data is neither legally nor contractually required, nor necessary for the conclusion of a contract. You are not obliged to provide your data. Failure to provide data has no consequences—unless otherwise specified in the following processing activities.
“Personal data” means any information relating to an identified or identifiable natural person.
2. Server Log Files
You can visit our website without providing any personal information.
Each time you access our website, usage data is transmitted to us or our web hosting/IT service provider by your Internet browser and stored in server log files. This data includes, for example: the name of the accessed page, date and time of access, IP address, amount of data transferred, and the requesting provider.
Processing is carried out pursuant to Art. 6(1)(f) GDPR, based on our overriding legitimate interest in ensuring the stability and functionality of our website, as well as optimizing our online offering.
Your data may be transferred to third countries outside the EU, in particular to Canada and the USA. Canada is subject to an adequacy decision by the European Commission. The USA is also covered by such a decision through the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under TADPF, so data transfers occur on the basis of contractual obligations comparable to the EU Commission's Standard Contractual Clauses (SCCs).
3. Contact
Controller:
If you contact us, the controller for data processing is:
Muhammed Dogan Dogac
Schöllkopfstraße 107
73230 Kirchheim unter Teck
Germany
Phone: +49 162 6216347
Email: info@breatho.se
Contact via Email
If you contact us by email, we collect and process your personal data (e.g. name, email address, message content) only to the extent provided by you. This data is used to respond to your inquiry.
If the contact is related to pre-contractual steps (e.g. purchase advice, quotations) or an existing contract, the processing is based on Art. 6(1)(b) GDPR.
For all other inquiries, the processing is based on Art. 6(1)(f) GDPR, stemming from our legitimate interest in handling and responding to your request. You have the right to object to this processing at any time for reasons relating to your particular situation.
We use your email address only to process your inquiry. Your data will be deleted afterward unless you have consented to further processing.
4. Contact Form
When you use the contact form on our website, we collect your personal data (such as name, email address, and message content) only to the extent you provide them. This data is used solely to respond to your inquiry.
If the contact relates to:
Art. 6(1)(b) GDPR.
In all other cases, the processing is based on Art. 6(1)(f) GDPR, arising from our legitimate interest in processing and responding to your request.
In such cases, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation.
We use your email address exclusively to respond to your inquiry. Your data will then be deleted, unless you have explicitly agreed to further processing or legal retention obligations apply.
5. Customer Account and Orders
Customer Account
When you open a customer account, we collect and process the personal data you provide for the purpose of:
This processing is based on your consent pursuant to Art. 6(1)(a) GDPR.
You may revoke your consent at any time by contacting us. The legality of the processing up to the time of revocation remains unaffected. Upon withdrawal, your customer account will be deleted.
Order Processing
When you place an order, we collect and process your personal data only to the extent necessary for fulfilling the contract and handling your inquiries.
Providing this data is mandatory for the conclusion of a contract. Failure to provide it means that no contract can be concluded.
Processing is based on Art. 6(1)(b) GDPR.
Data may be shared with:
In all cases, we comply with legal requirements, and the amount of data shared is limited to the minimum necessary.
Your data may be transferred to third countries outside the EU, particularly to Canada and the USA:
Trans-Atlantic Data Privacy Framework (TADPF).
, so transfers are based on Standard Contractual Clauses (SCCs) or comparable contractual safeguards.
6. Newsletter and Promotional Emails
Use of Your Email Address for Newsletter Distribution
We use your email address to send you promotional content and newsletters only if you have explicitly consented to receive them.
The purpose of data processing is promotional communication, specifically:
We process:
email address, and optionally
additional details you may have provided during newsletter signup (e.g. first and last name)
The legal basis is Art. 6(1)(a) GDPR (consent).
You can revoke your consent at any time, without affecting the legality of any processing carried out before your withdrawal.
You can unsubscribe:
unsubscribe link in any newsletter email
After unsubscribing, your email address will be removed from our mailing list.
To prevent future mailings, we may store your email in a suppression list (so-called “blacklist”), based on Art. 6(1)(f) GDPR.
This serves the legitimate interest of both parties in preventing unwanted emails.
You have the right to object to this storage for reasons related to your particular situation.
Use of Klaviyo for Newsletter Delivery
We use the services of Klaviyo Inc. (125 Summer Street, Floor 7, Boston, MA 02111, USA) for sending newsletters and managing subscriber data.
When you sign up for our newsletter, the information you provide is transmitted to Klaviyo.
This includes:
email address
name or other voluntary data
Klaviyo helps us send personalized newsletters and statistically evaluate campaign performance.
To do this, emails may include:
or tracking links
Klaviyo may collect:
Usage profiles may be created under a pseudonym.
The data will not be used to personally identify you.
Your data is typically stored on servers located in the USA.
The USA is recognized under the TADPF (Trans-Atlantic Data Privacy Framework), and Klaviyo is certified under this framework, ensuring GDPR-compliant data handling.
The legal basis for processing is Art. 6(1)(f) GDPR, based on our legitimate interest in efficient, personalized, and measurable newsletter communication.
You may object at any time for reasons relating to your particular situation.
For more details, see:
Klaviyo Privacy Policy
Klaviyo Data Processing Agreement
7. Payment Service Providers & Credit Checks
Use of Klarna Payment Services
We offer payment options through Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (“Klarna”).
When you select Klarna as a payment method (e.g., Pay Later, Pay Now, or Financing), the following applies:
To enable Klarna to process the payment and fulfill the agreement, personal data required for the transaction will be transmitted to Klarna.
This includes:
The processing of your data is based on Art. 6(1)(b) GDPR as it is necessary to fulfill the contractual relationship with you.
Cookies and Browser Recognition
Klarna may use cookies or similar technologies to identify your browser or device.
This is done to:
The legal basis for this is Art. 6(1)(f) GDPR, arising from our and Klarna’s legitimate interest in providing user-friendly payment processing.
You may object to this processing at any time on grounds relating to your particular situation.
"Pay Later", "Pay Now", and "Financing" Options
For specific Klarna payment methods such as:
Klarna may perform a credit check to assess the risk of non-payment.
To do so, Klarna may forward personal data to third-party credit agencies.
The data shared may include:
These credit reports may include score values, which are calculated using scientifically recognized statistical methods, potentially including address data.
Klarna uses the results to decide whether to approve your selected payment method.
This processing is based on Art. 6(1)(f) GDPR, from Klarna’s legitimate interest in avoiding payment defaults.
You may object to this processing at any time by contacting Klarna, provided the objection is based on your particular situation.
Providing this data is mandatory for the selected Klarna payment method.
Failure to provide the data will result in inability to use Klarna’s services.
More Information
Details about Klarna’s credit checks and the credit agencies they use can be found here:
Klarna Credit Rating Agencies (DE)
Klarna Credit Rating Agencies (AT)
General privacy info from Klarna:
https://www.klarna.com/de/
https://www.klarna.com/at/
Klarna handles your data in compliance with GDPR and their respective privacy policies:
Germany Privacy Policy (Klarna)
Austria Privacy Policy (Klarna)
8. Cookies
Our website uses cookies.
Cookies are small text files that are stored in or by your web browser on your device. When you visit a website, a cookie can be saved on your device. This cookie contains a unique character string that enables the browser to be recognized again when the website is accessed next time.
Cookies are stored locally on your device. Therefore, you have full control over the use of cookies.
By configuring the settings in your browser:
notified before cookies are set.
decide individually whether to accept cookies.
disable cookie storage and delete cookies at any time.
Please note: If you deactivate cookies, some features of our website may not function properly.
Managing Cookies in Common Browsers
Here’s how you can manage (or disable) cookies in major browsers:
Manage cookies in Microsoft Edge
Technically Necessary Cookies
Unless otherwise specified in this privacy policy, we use only technically necessary cookies. These cookies serve to make our website:
Cookies allow our systems to recognize your browser after page changes and provide essential functions (e.g. maintaining session data or remembering language selection).
These cookies are used based on:
, and
, based on our legitimate interest in offering a user-friendly, secure, and fully functional website.
You have the right to object to this processing at any time on grounds relating to your particular situation.
9. Marketing & Tracking Technologies
Use of Meta Pixel (Facebook & Instagram)
We use the Meta Pixel from Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Meta and we are joint controllers under Art. 26 GDPR for data collection and transfer to Meta.
Our joint processing agreement outlines the responsibilities of each party and can be found here:
📄 Meta Business Tools Terms
What does Meta Pixel do?
It allows us to:
How it works:
When you visit our website, a direct connection to Meta’s servers is established. The visited pages are transmitted to Meta. Meta matches this to your Facebook or Instagram account and may show you personalized ads.
Legal basis:
This processing is based on your explicit consent according to Art. 6(1)(a) GDPR.
You may revoke your consent at any time with future effect.
Data transfer to the USA:
Meta is certified under the Trans-Atlantic Data Privacy Framework (TADPF), ensuring GDPR compliance.
More Info:
Meta Privacy Policy
You can opt out of Custom Audiences here.
Google Ads & Conversion Tracking
We use Google Ads Conversion Tracking, a service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
How it works:
If you click on a Google ad, a conversion cookie is set. This cookie:
When you visit specific pages, Google and we can see that the ad was clicked and led to a specific action.
Purpose:
To measure and analyze the effectiveness of our advertising campaigns.
Legal basis:
Consent under Art. 6(1)(a) GDPR and § 25(1) TDDDG for cookie usage.
You may revoke your consent at any time.
Data transfer to the USA:
Google LLC is certified under the TADPF.
More Info:
Google Privacy Policy
Use of Google AdSense
We use Google AdSense to display personalized ads via Google’s Display Network.
Provider: Google Ireland Ltd., Dublin, Ireland
What happens:
Legal basis:
Consent under Art. 6(1)(a) GDPR and § 25(1) TDDDG
More Info:
Ad technologies from Google
Google Privacy Policy
TikTok Pixel
We use the TikTok Pixel, provided by:
Purpose:
To analyze user behavior, create remarketing audiences, and measure ad effectiveness.
Collected data may include:
TikTok may link this data to your TikTok user account.
Pseudonymous user profiles may be created.
Legal basis:
Consent under Art. 6(1)(a) GDPR and § 25(1) TDDDG
You may revoke your consent at any time.
Data transfer:
TikTok may transfer data to the USA or other third countries. TikTok is not TADPF-certified. Transfers rely on Standard Contractual Clauses (SCCs).
More Info:
TikTok Privacy Policy
Controller-to-controller terms
10. Plug-ins and Other Integrated Tools
Use of Google Tag Manager
We use Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Purpose:
Google Tag Manager allows us to manage and integrate tracking codes and other script tags on our website without modifying the source code. It acts as a container for tools such as:
Important:
does not process personal data itself.
not set cookies, nor does it store any user data directly.
trigger other tags that do process personal data.
Legal basis:
The use of Google Tag Manager is based on Art. 6(1)(f) GDPR, stemming from our legitimate interest in a technically efficient and user-friendly integration of services.
More info:
Google Tag Manager Use Policy
Use of Google Translate
Our website uses Google Translate via an embedded API, provided by Google Ireland Limited.
Purpose:
To automatically display content in the language appropriate for the visitor’s region or preference.
How it works:
cookies and the transfer of the following data:
Legal basis:
Your explicit consent under Art. 6(1)(a) GDPR and § 25(1) TDDDG for cookie placement.
You can revoke your consent at any time.
Data transfer to the USA:
Google LLC is certified under the TADPF, ensuring adequate data protection according to EU standards.
More info:
Google Privacy Policy
11. Data Retention Period
After a contract is fully executed, we retain personal data for the duration of the statutory warranty period.
Following that, we retain data for the periods required by commercial and tax law (e.g. in Germany: up to 10 years).
Once these periods expire, the data will be deleted, unless you have consented to further processing or use.
12. Your Rights under the GDPR
As a data subject, you have the following rights under Articles 15–20 GDPR, provided the legal requirements are met:
(Art. 15): You can request confirmation as to whether we process your personal data and receive details about the processing.
(Art. 16): You can request correction of inaccurate or incomplete personal data.
(Art. 17): You can request deletion of your personal data (“right to be forgotten”).
(Art. 18): You can request restricted processing under certain circumstances.
(Art. 20): You can receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another controller.
13. Right to Object (Art. 21 GDPR)
If your personal data is processed based on our legitimate interests (Art. 6(1)(f) GDPR), you have the right to object at any time, on grounds relating to your particular situation.
We will then stop processing the data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or if the processing serves to establish, exercise, or defend legal claims.
Right to object to direct marketing:
If your data is processed for direct marketing purposes, you may object at any time without giving reasons. We will immediately stop using your data for these purposes.
14. Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority.
You may contact the authority responsible for our company:
Baden-Württemberg Commissioner for Data Protection and Freedom of Information
Königstraße 10a
70173 Stuttgart, Germany
Phone: +49 711 6155410
Fax: +49 711 61554115
Email: poststelle@lfdi.bwl.de
Website: https://www.baden-wuerttemberg.datenschutz.de
15. Last Update
This privacy policy was last updated on October 22, 2024.