Privacy Policy - English Translation

1) Introduction and Contact Details of the Responsible Party

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about how we handle your personal data when using our website. Personal data is all data that can be used to personally identify you.

1.2 The responsible party for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is JPM Trading GmbH, Lange Straße 29, 63741 Aschaffenburg, Germany, Tel.: 06021/410707, E-mail: team@dirts.eu. The party responsible for processing personal data is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

2.1 For purely informational use of our website, i.e., when you do not register or otherwise transmit information to us, we only collect such data that your browser transmits to the page server (so-called "server log files"). When you access our website, we collect the following data that is technically necessary for us to display the website to you:

• Our visited website
• Date and time at the time of access
• Amount of data sent in bytes
• Source/reference from which you reached the page
• Browser used
• Operating system used
• IP address used (if applicable: in anonymized form)

The processing is carried out according to Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. No transfer or other use of the data takes place. However, we reserve the right to subsequently check the server log files if concrete indications of unlawful use arise.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the responsible party). You can recognize an encrypted connection by the character sequence "https://" and the lock symbol in your browser bar.

3) Hosting & Content Delivery Network

3.1 Amazon Web Services For hosting our website and displaying page content, we use the system of the following provider: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109, USA

All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement with the provider that ensures the protection of our website visitors' data and prohibits unauthorized transfer to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.

3.2 Shopify For hosting our website and displaying page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify")

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement with the provider that ensures the protection of our website visitors' data and prohibits unauthorized transfer to third parties.

For data transfer to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

3.3 Cloudflare We use a Content Delivery Network from the following provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA

This service enables us to deliver large media files such as graphics, page content or scripts faster via a network of regionally distributed servers. The processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website according to Art. 6 para. 1 lit. f GDPR.

We have concluded a data processing agreement with the provider that ensures the protection of our website visitors' data and prohibits unauthorized transfer to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.

4) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e., small text files that are stored on your device. Some of these cookies are automatically deleted after closing the browser (so-called "session cookies"), while others remain on your device longer and enable the storage of page settings (so-called "persistent cookies"). In the latter case, you can see the storage duration in the overview of the cookie settings of your web browser.

If personal data is also processed by individual cookies used by us, the processing is carried out according to Art. 6 para. 1 lit. b GDPR either for the execution of the contract, according to Art. 6 para. 1 lit. a GDPR in case of given consent, or according to Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

You can set your browser to inform you about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. Please note that if cookies are not accepted, the functionality of our website may be limited.

5) Contact

5.1 Trusted Shops For review reminders, we use the services of the following provider: Trusted Shops AG, Subbelrather Str. 15c, 50823 Cologne, Germany

Exclusively based on your express consent according to Art. 6 para. 1 lit. a GDPR, we transmit your email address and possibly other customer data to the provider so that they can contact you with a review reminder by email. You can revoke your consent at any time with effect for the future towards us or the provider.

We are jointly responsible with the provider for the processing described above according to Art. 26 GDPR. The contract on joint responsibility can be viewed here: https://help.etrusted.com/hc/de/articles/4402587369105-Vertrag-%C3%BCber-die-gemeinsame-Verantwortlichkeit-nach-DSGVO

5.2 In the context of contacting us (e.g., via contact form or email), personal data is processed - exclusively for the purpose of processing and answering your request and only to the extent necessary for this. The legal basis for processing this data is our legitimate interest in answering your request according to Art. 6 para. 1 lit. f GDPR. If your contact aims at a contract, then an additional legal basis for processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted when it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided no legal retention obligations stand in the way.

6) Data Processing When Opening a Customer Account

According to Art. 6 para. 1 lit. b GDPR, personal data continues to be collected and processed to the extent required if you provide it to us when opening a customer account. You can see which data is required for opening an account from the input mask of the corresponding form on our website.

Deletion of your customer account is possible at any time and can be done by sending a message to the above-mentioned address of the responsible party. After deletion of your customer account, your data will be deleted, provided all contracts concluded through it have been completely processed, no legal retention periods stand in the way, and we have no legitimate interest in continued storage.

7) Use of Customer Data for Direct Marketing

7.1 Registration for Our Email Newsletter If you register for our email newsletter, we regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing additional data is voluntary and is used to address you personally.

For newsletter dispatch, we use the so-called double opt-in procedure, which ensures that you only receive newsletters when you have expressly confirmed your consent to receive newsletters by clicking a verification link sent to the specified email address. By activating the confirmation link, you give us your consent for the use of your personal data according to Art. 6 para. 1 lit. a GDPR.

Here we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace possible misuse of your email address at a later time. The data collected by us when registering for the newsletter is used strictly for the intended purpose.

You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by corresponding message to the responsible party mentioned at the beginning. After successful unsubscription, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve further data use that is legally permitted and about which we inform you in this statement.

7.2 GoDaddy Our email newsletters are sent via this provider: Go Daddy Operating Co LLC, 14455 North Hayden Road, Suite 226, Scottsdale, AZ 85260, USA

Based on our legitimate interest in effective and user-friendly newsletter marketing, we pass on your data provided during newsletter registration according to Art. 6 para. 1 lit. f GDPR to this provider so that they take over the newsletter dispatch on our behalf.

Subject to your express consent according to Art. 6 para. 1 lit. a GDPR, the provider also conducts statistical success evaluation of newsletter campaigns using web beacons or counting pixels in the sent emails, which can measure opening rates and specific interactions with newsletter content. Device information (e.g., time of access, IP address, browser type and operating system) is also collected and evaluated, but not merged with other data sets.

You can revoke your consent to newsletter tracking at any time with effect for the future. We have concluded a data processing agreement with the provider that protects our website visitors' data and prohibits transfer to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.

7.3 Klaviyo Our email newsletters are sent via this provider: Klaviyo, Inc., 125 Summer St., Ste 600, Boston, MA 02110, USA

[Similar content structure as GoDaddy section]

8) Data Processing for Order Processing

8.1 Insofar as necessary for contract processing for delivery and payment purposes, the personal data collected by us is passed on to the commissioned transport company and the commissioned credit institution according to Art. 6 para. 1 lit. b GDPR.

If we owe you updates for goods with digital elements or for digital products based on a corresponding contract, we process the contact data transmitted by you during the order to inform you personally within the scope of our legal information obligations according to Art. 6 para. 1 lit. c GDPR.

Your contact data is used strictly for the purpose of communications about updates owed by us and is processed by us for this purpose only insofar as necessary for the respective information.

To process your order, we also work with the following service provider(s) who support us wholly or partially in the execution of concluded contracts. Certain personal data is transmitted to these service providers according to the following information.

8.2 Transfer of Personal Data to Shipping Service Providers

- DHL As a transport service provider, we use the following provider: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany

We pass on your email address and/or telephone number according to Art. 6 para. 1 lit. a GDPR before delivery of the goods for the purpose of coordinating a delivery appointment or for delivery notification to the provider, provided you have given your express consent for this in the order process. Otherwise, for the purpose of delivery according to Art. 6 para. 1 lit. b GDPR, we only pass on the recipient's name and delivery address to the provider. The transfer only takes place insofar as this is necessary for the delivery of goods. In this case, prior coordination of the delivery appointment with the provider or delivery notification is not possible.

Consent can be revoked at any time with effect for the future towards the responsible party mentioned above or towards the provider.

- DPD As a transport service provider, we use the following provider: DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany

[Similar structure as DHL section]

8.3 Use of Payment Service Providers

- Apple Pay If you choose the payment method "Apple Pay" from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment processing is carried out via the "Apple Pay" function of your device running iOS, watchOS or macOS by charging a payment card stored in "Apple Pay".

Apple Pay uses security features integrated into your device's hardware and software to protect your transactions. To authorize a payment, you must enter a code you previously set and verify using your device's "Face ID" or "Touch ID" function.

For the purpose of payment processing, your information provided during the ordering process along with information about your order is transmitted to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to process the payment.

[Continues with detailed Apple Pay processing information...]

- Google Pay [Detailed Google Pay processing information...]

- Klarna [Detailed Klarna processing information...]

- PayPal [Detailed PayPal processing information...]

- Shopify Payments [Detailed Shopify Payments processing information...]

9) Web Analytics Services

9.1 Google (Universal) Analytics This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables analysis of your use of our website.

By default, when visiting the website, Google (Universal) Analytics sets cookies, which are stored as small text components on your device and collect certain information. This information includes your IP address, which is however shortened by Google by the last digits to exclude direct personal identification.

The information is transmitted to Google servers and processed there. Transfers to Google LLC based in the USA are also possible. Google uses the collected information on our behalf to evaluate your use of the website, compile reports on website activities for us, and provide other services related to website use and internet use.

The IP address transmitted by your browser and shortened within the framework of Google Analytics is not merged with other Google data. The data collected within the framework of using Google (Universal) Analytics is stored for a period of two months and then deleted.

All processing described above, particularly the setting of cookies on the device used, only takes place if you have given us your express consent according to Art. 6 para. 1 lit. a GDPR. Without your consent, Google (Universal) Analytics will not be used during your site visit.

You can revoke your given consent with effect for the future at any time. To exercise your right of revocation, please deactivate this service via the "Cookie Consent Tool" provided on the website.

We have concluded a data processing agreement with Google that ensures the protection of our website visitors' data and prohibits unauthorized transfer to third parties.

[Continues with demographic features, Google Signals, and UserIDs sections...]

9.2 Google Analytics 4 [Similar structure as Universal Analytics...]

9.3 Google Tag Manager [Detailed Google Tag Manager information...]

9.4 Klar! [Detailed Klar analytics information...]

9.5 Microsoft Clarity [Detailed Microsoft Clarity information...]

10) Retargeting/Remarketing and Conversion Tracking

Meta Pixel Within our online offering, we use the "Meta Pixel" service from the following provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Meta")

When a user clicks on an advertisement we have placed on Facebook and/or Instagram, the URL of our linked page is extended by a parameter using "Meta Pixel". This URL parameter is then entered into the user's browser after the redirect through a cookie that our linked page sets itself.

[Continues with detailed Meta Pixel processing information...]

11) Site Functionalities

11.1 YouTube This website uses plugins to display and play videos from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data may also be transmitted to: Google LLC, USA

[Continues with YouTube processing details...]

11.2 Trusted Shops Trustbadge [Detailed Trusted Shops information...]

11.3 Google Web Fonts [Detailed Google Fonts information...]

12) Tools and Miscellaneous

12.1 DATEV For accounting, we use the service of the cloud-based accounting software from the following provider: DATEV eG, Paumgartnerstr. 6-14, 90429 Nuremberg, Germany

[Continues with DATEV processing details...]

12.2 Cookie Consent Tool This website uses a so-called "Cookie Consent Tool" to obtain effective user consent for cookies requiring consent and cookie-based applications.

[Continues with cookie consent tool details...]

13) Rights of the Data Subject

13.1 The applicable data protection law grants you the following data subject rights (information and intervention rights) towards the responsible party regarding the processing of your personal data, whereby reference is made to the cited legal basis for the respective exercise requirements:

• Right to information according to Art. 15 GDPR
• Right to rectification according to Art. 16 GDPR
• Right to deletion according to Art. 17 GDPR
• Right to restriction of processing according to Art. 18 GDPR
• Right to notification according to Art. 19 GDPR
• Right to data portability according to Art. 20 GDPR
• Right to revoke given consents according to Art. 7 para. 3 GDPR
• Right to complain according to Art. 77 GDPR

13.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTEREST WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL END THE PROCESSING OF THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE REASONS FOR PROCESSING THAT OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US TO CONDUCT DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL END THE PROCESSING OF THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.

14) Duration of Storage of Personal Data

The duration of storage of personal data is determined by the respective legal basis, the processing purpose and - if applicable - additionally by the respective legal retention period (e.g., commercial and tax retention periods).

When processing personal data based on express consent according to Art. 6 para. 1 lit. a GDPR, the affected data is stored until you revoke your consent.

If legal retention periods exist for data processed within the framework of legal transactions or transaction-like obligations on the basis of Art. 6 para. 1 lit. b GDPR, this data is routinely deleted after the retention periods expire, provided it is no longer required for contract fulfillment or contract initiation and/or we have no legitimate interest in continued storage.

When processing personal data based on Art. 6 para. 1 lit. f GDPR, this data is stored until you exercise your right to object according to Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.

When processing personal data for the purpose of direct marketing based on Art. 6 para. 1 lit. f GDPR, this data is stored until you exercise your right to object according to Art. 21 para. 2 GDPR.

Unless otherwise stated in the other information in this statement about specific processing situations, stored personal data is otherwise deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.