Personal data is collected through the use of our online shop. Personal data is any information relating to an identified or identifiable natural person.
We take the protection of your personal data very seriously and treat it confidentially and in accordance with the law, in particular taking into account the principles for the processing of personal data in accordance with Art. 5 GDPR.
This declaration serves to inform you as a user of our website in accordance with Art. 12, 13 GDPR about the purposes of the collection of personal data and your associated rights. We therefore ask you to read the following information carefully.
The controller within the meaning of the General Data Protection Regulation (GDPR) for the operation of this online shop is
ZweiPunkt GmbH
represented by the managing director Christoph Hofer
Am Vogelherd 92a
98693 Ilmenau
We have appointed a data protection officer. He is available to answer any questions you may have about data protection at ZweiPunkt GmbH. You can reach our data protection officer by email at
or by post at:
ZweiPunkt GmbH
- Data Protection Officer -
Am Vogelherd 92a
98693 Ilmenau
The recipients of personal data are the controller, its employees and - only if necessary - external service providers (in particular logistics companies and payment service providers) that the controller uses to fulfil its contractual obligations. A list of external service providers used by the service provider for the purpose of contract fulfilment is provided in sections 6 and 7 below.
Data processing operations take place via this online shop. The controller endeavours to reduce these processing operations to what is necessary for the operation of the site. Below you will find out which data is collected, on what legal basis and for what purpose.
When you visit the zwei.gmbh website, the provider automatically collects and logs personal data, the so-called server log files. This includes
The purpose of this data collection is data security and protection against misuse.
The legal basis for this data processing is Art. 6 para. 1 lit. f GDPR. In this case, the controller has a legitimate interest in the proper operation of the website and protection against unauthorised access to it. Without this data, it would not be possible to access the zwei.gmbh website.
If you use the contact options email, contact form or telephone, this also leads to data collection by the controller. Depending on the contact option selected and your request, the personal data collected includes in particular your name, address, email address, telephone number and other personal data you provide to us.
The processing takes place in the context of general enquiries on the basis of Art. 6 para. 1 lit. f GDPR, as the controller has a legitimate interest in processing your request and you have also provided your data of your own accord. In the context of contract-related enquiries, processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.
If a contract is concluded between you and the controller via one of the above-mentioned contact options, the personal data collected in this context will be collected in accordance with Art. 6 para. 1 lit. b GDPR for the purpose of fulfilling the contractual relationship.
If you conclude a contract via the order form, the controller collects personal data. This includes your name, your address, your e-mail address, your telephone number if applicable and the information required to process the payment if you choose to purchase on account (companies, public clients) or in advance.
This data is collected for the purpose of contract fulfilment in accordance with Art. 6 para. 1 lit. b GDPR.
You also have the option of creating a customer account. If you decide to do so, the personal data you provide will be stored. By creating the customer account, you declare your consent to the data processing in accordance with Art. 6 para. 1 lit. a GDPR.
If you decide to subscribe to the ZweiPunkt GmbH newsletter, the controller processes personal data. This includes in particular your e-mail address and other voluntary information.
Your data will be used by the controller for the purpose of direct advertising. The newsletters contain so-called pixels. These are small files that are used to make the consequences of certain marketing measures statistically visible and analysable.
By providing the relevant data and confirming the validity of this privacy policy, you expressly consent to the processing of this personal data by the controller for the above-mentioned purposes, Art. 6 para. 1 lit. a GDPR. You can unsubscribe at any time.
The controller offers a chatbot from the US company Chatbase on its website. This service is used to answer customers' questions about eCommerce and the controller's services and products.
By using the service, you consent to the processing of the personal data required to use the chatbot. When using the chatbot, only the personal data required to provide the service is collected. The processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.
Further information on data transfer to Chatbase Inc. can be found in section 6.4.
Cookies are text files that the provider of a website stores on the user's computer and can retrieve when the website is called up again in order to facilitate navigation on the Internet or transactions or to retrieve information about user behaviour.
This site uses the following cookies:
These cookies are technically necessary for the operation of the shop page. Due to the overriding interest of the controller, your consent is therefore not required, Art. 6 para. 1 lit. f GDPR.
Your personal data will only be passed on to third parties if you have consented to the transfer, if this is necessary for the fulfilment of the contract or if the controller is legally obliged to do so.
The Trusted Shops Trustbadge is integrated on this website to display the Trusted Shops seal of approval and any collected reviews as well as to offer Trusted Shops products to buyers after an order. This serves to safeguard the legitimate interests of the processor, which predominate in the context of a balancing of interests, in the optimal marketing of its offer.
The Trustbadge and the services advertised with it are an offer from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. When the Trustbadge is called up, the web server automatically saves a so-called server log file, which contains, for example, your IP address, the date and time of the call, the amount of data transferred and the requesting provider (access data) and documents the call. This access data is not analysed and is automatically overwritten no later than seven days after the end of your visit to the site.
Further personal data is only transferred to Trusted Shops if you decide to use Trusted Shops products after completing an order or if you have already registered to use them. In this case, the contractual agreement concluded between you and Trusted Shops applies.
This site accesses so-called Content Delivery Networks (CDNs) for certain media. This means that when this site is accessed, individual media are loaded via a CDN, i.e. they are loaded via another server. This serves to optimise the loading time and performance of the page.
The use of CDNs is relevant under data protection law because the user's IP address, i.e. personal data, is transmitted to the external server when the CDN is accessed. All data transmitted in this process is automatically deleted after seven days.
The controller does not use external service providers, but its own CDN structure, which is why your data is not transferred to third parties via the CDN and your personal data is not stored outside the EU.
The processing is carried out on the basis of the overriding interest of the controller pursuant to Art. 6 para. 1 lit. f GDPR. This overriding interest of the controller arises from ensuring the functionality and competitiveness of this website.
The controller uses the services of Mollie B.V., Keizersgracht 126, 1015CW, Amsterdam, Netherlands, to process payments (with the exception of the prepayment and invoice payment options). The payment service provider collects the personal data required for payment as well as other data. Further information can be found in the service provider's privacy policy.
The controller has integrated the AI chatbot from Chatbase Inc, 2261 Market Street STE 85690, San Francisco, CA 94114, privacy@chatbase.co, on the zwei.gmbh website. By using the AI chatbot, personal data is collected that is technically necessary for the operation of the chatbot. Chatbase does not use the collected data to train AI. Please also note section 4.7.
Data processing by Chatbase Inc. is carried out on the basis of an order processing contract that the controller has concluded with Chatbase. The data collected is also stored in the USA. Chatbase provides appropriate safeguards in accordance with Art. 46 para. 1, para. 2 lit. c GDPR by implementing binding standard data protection clauses that are enforceable by data subjects. These clauses have been improved based on the guidelines of the European Data Protection Board and will be updated as soon as the new draft of the model clauses is approved. For more information on data protection at Chatbase, please visit the Chatbase Trust Centre (https://trust.chatbase.co/).
In order to optimise the offer for our customers, this site uses the Google services listed below.
This website uses Google Tag Manager. This is a service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. The tool is used to define certain processes (so-called triggers) that trigger so-called tags. These are tracking codes and code fragments that enable the controller to analyse non-individual user behaviour and thus optimise its offering. The Google Tag Manager itself does not store any personal data.
This website uses Google Analytics, a tracking tool from Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. This tool collects data from site users and processes it for the site operator. This information is used to optimise the site and the offer, to make marketing measures visible and to better understand the purchasing and surfing behaviour of customers.
The following data is collected by Google Analytics by default
Further information about the type of data that can be collected by Google Analytics can be found on Google's support page (here, here and here). Due to the large amount of data collected, it cannot be ruled out that Google will be able to reconstruct the respective user.
Data processing by Google Ireland Ltd. is carried out on the basis of an order processing contract that the controller has concluded with Google. The data collected is also stored on servers of Google LLC, 600 Amphitheatre Parkway, Mountain View, CA 94043. This constitutes a transfer of data to a third country, which is only permitted under special conditions. An adequacy decision by the EU Commission (Data Privacy Framework (DPF)) exists for the transfer of data to the United States of America. Google LLC is DPF-certified. Nevertheless, there remains a residual risk that US authorities may be able to access the data due to the CLOUD Act.
The purpose of data collection is to optimise our offering, improve the user-friendliness of this website and personalise advertising.
Data will only be processed if you expressly consent to the collection of your personal data by agreeing to the use of marketing cookies via the cookie banner when you visit this website. The legal basis for data processing is therefore Art. 6 para. 1 lit. a GDPR.
The controller uses Google Ads, a service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. This enables the controller to place targeted online advertising.
For analysis purposes, Google Ads uses cookies that are set on the controller's website. The cookie is used to register the IP address and interactions of the user who has reached the controller's website via a Google Ad.
Data processing by Google Ireland Ltd. takes place on the basis of an order processing contract that the controller has concluded with Google. The data collected is also stored on servers of Google LLC, 600 Amphitheatre Parkway, Mountain View, CA 94043. This constitutes a transfer of data to a third country, which is only permitted under special conditions. An adequacy decision has been issued by the EU Commission for the transfer of data to the United States of America (Data Privacy Framework). Google LLC is DPF-certified.
The purpose of data collection is to optimise our offering, improve the user-friendliness of this website and personalise advertising.
Data will only be processed if you expressly consent to the collection of your personal data by agreeing to the use of marketing cookies via the cookie banner when you visit this website. The legal basis for data processing is therefore Art. 6 para. 1 lit. a GDPR.
All data will be deleted as soon as the purpose of the data processing no longer applies, the data subject revokes their consent or exercises their right to deletion, unless the processing is necessary for the reasons stated in Art. 17 para. 3 GDPR.
Personal data collected in accordance with section 4.1. will be deleted after 7 days at the latest.
Data collected by Google Analytics in accordance with section 7.2. will be automatically deleted two months after collection.
In accordance with Art. 13 para. 2 GDPR, we as the controller are obliged to inform you in detail about your rights as a data subject affected by the processing of your data. It does not matter in what form you exercise your rights. The requirements for asserting your rights as a data subject can also be found in the GDPR. You are also welcome to contact the data protection officer.
In accordance with Art. 15 para. 1 GDPR, you have the right to request information from the controller as to whether and, if so, which personal data has been collected and about the information referred to in Art. 15 para. 1 lit. a-h GDPR. In accordance with Art. 15 para. 3 GDPR, we are also obliged to provide you with a copy of the personal data we have collected free of charge.
Pursuant to Art. 16 GDPR, you have the right to rectification of inaccurate personal data or completion of incomplete personal data.
In accordance with Art. 17 GDPR, you have the right to demand that the controller erase your personal data immediately if one of the aforementioned reasons applies. However, in exceptional cases, further processing of the data may be necessary in accordance with Art. 17 para. 3 GDPR.
In accordance with Art. 18 GDPR, you have the right to request the controller to restrict the processing of your personal data under the conditions specified therein. This means that your personal data may only be processed for the purposes specified in Art. 18 para. 2 GDPR.
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller where the conditions set out in Art. 20 GDPR are met.
In accordance with Art. 21, you can also object to the processing of personal data that is carried out on the basis of Art. 6 para. 1 lit. e or lit. f GDPR. This applies in particular to the data processed in accordance with point 3.1. and point 3.2. of this privacy policy.
If the controller processes data pursuant to Art. 6 para. 1 lit. a GDPR on the basis of your consent, you can revoke this consent at any time pursuant to Art. 7 para. 3 GDPR. However, the revocation does not affect the legality of the processing carried out on the basis of the consent until the revocation.
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data by the controller violates the GDPR.
If you have any questions about data protection, please contact our data protection officer.