Data protection

It is important to us to handle your personal data with care. We are aware of our responsibility and thank you for your trust. Your data is protected by a range of technical and organizational measures against unauthorized access.
 

Our company participates in the Alliance for Cyber Security of the Federal Office for Information Security (BSI).

 
Your data is stored on a secure server in Germany (data center in Nuremberg). This server is integrated into the Backbone Europe infrastructure and equipped with modern technologies and energy-efficient hardware. The power supply is provided entirely from renewable energy.

Our email communication is handled via a German mail server (data center in Berlin), which complies with applicable consumer protection and security requirements. This includes, in particular, the implementation of the technical guideline “Secure Email Transport” (BSI TR-03108) issued by the Federal Office for Information Security (BSI). This server is also operated entirely using renewable energy. 

---

Privacy Policy

Section 1 Controller

The controller responsible for data processing on this website is:

OHB Thalheim e.K.
Owner: Guido Bernhardt
Hufelandstr. 24
09366 Stollberg
Germany

Telephone: +49 800 7467736
E-mail: [email protected]

Section 2 General Information on Data Processing

We process personal data exclusively in accordance with the applicable legal provisions, in particular the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the German Telecommunications Digital Services Data Protection Act (TDDDG).

Personal data means any information relating to an identified or identifiable natural person, such as name, address, e-mail address, or IP address.

Section 3 Hosting

Our website is hosted by:

netcup GmbH
Daimlerstraße 25
76185 Karlsruhe
Germany

The hosting provider processes personal data in order to ensure the secure and stable operation of the website. In particular, the following data may be processed:

• IP address

• Date and time of access

• Accessed pages

• Browser type

• Operating system

• Referrer URL

• Technical access data

Legal basis:
Article 6(1)(f) GDPR

Legitimate interest:
Secure operation, technical stability, and protection of the website against misuse.

Server log files are generally deleted after no more than 7 days unless longer retention is required for security-related reasons.

Section 4 Data Processing for Contract Performance

(1) Purpose of processing

For the processing of orders, we process the data provided during the ordering process (e.g. name, address, contact details, and payment information).

When you contact us (e.g. by e-mail or contact form), we process the information you provide in order to handle your inquiry.

(2) Legal basis

Article 6(1)(b) GDPR

(3) Recipients

• Shipping service providers

• Payment service providers

• Hosting provider

(4) Storage period

• Contract data: until expiry of statutory warranty periods

• Tax and commercial records: 10 years

• Inquiries: until final processing has been completed

Section 5 Customer Account

If you create a customer account in our online shop, we process the registration data provided by you for the purpose of providing and managing your customer account.

In particular, the following data may be processed:

• Name

• Address

• E-mail address

• Telephone number (if provided)

• Order history

Processing is carried out for the implementation of pre-contractual measures and the performance of the contractual relationship with you.

Legal basis:

Article 6(1)(b) GDPR

The customer account can be deleted at any time, provided that no statutory retention obligations prevent such deletion.

Section 6 Payment Services

Depending on the selected payment method, we transmit personal data to the respective payment service provider for payment processing.

(1) Advance Payment

If advance payment (bank transfer) is selected, payment processing is carried out directly via our bank account. No payment data is transmitted to external payment service providers.

(2) Cash on Delivery

If cash on delivery is selected, payment processing is carried out via the shipping service provider. The data required for delivery (e.g. name and address) will be transmitted.

Legal basis:

Article 6(1)(b) GDPR

(3) PayPal (including payment methods offered via PayPal)

Payment processing is carried out by:

PayPal (Europe) S.à r.l. et Cie, S.C.A.
22–24 Boulevard Royal
L-2449 Luxembourg

Depending on the selected payment method, the data required for payment processing will be transmitted to PayPal.

This may include:

• PayPal

• Credit Card (Visa, Mastercard, American Express)

• Apple Pay

• Google Pay

• Purchase on Account

• Installment Payments

PayPal may transfer personal data to credit agencies or affiliated companies for payment processing and creditworthiness checks.

For purchase on account or installment payments, processing may be carried out wholly or partly by external service providers (e.g. Ratepay GmbH, Berlin).

Further information:

PayPal Privacy Statement

Legal basis:

Article 6(1)(b) GDPR and Article 6(1)(f) GDPR

(4) WERO

If WERO is selected as the payment method, payment processing is carried out via participating banks and payment service providers within the WERO system.

The data required for payment processing is processed and transmitted to the participating payment service providers.

Legal basis:

Article 6(1)(b) GDPR

Section 7 Contact Form and Contact by E-mail

If you contact us via a contact form or by e-mail, the data transmitted by you will be processed for the purpose of handling your inquiry.

Legal basis:

Article 6(1)(b) GDPR and/or Article 6(1)(f) GDPR

The data will be deleted once your inquiry has been conclusively processed and no statutory retention obligations apply.

Section 8 Newsletter, Customer Information and Automated Email Communication

(1) Newsletter

If you subscribe to our newsletter, we will use the data you provide exclusively for sending the newsletter.

We use the so-called double opt-in procedure for newsletter subscriptions. After registering, you will receive an email asking you to confirm your subscription by clicking a confirmation link. Your subscription will only become effective once this confirmation has been completed.

For documentation purposes, we store the date and time of registration, the date and time of confirmation, and the IP address used during the registration process.

As part of our newsletter service, we may analyze whether newsletters have been opened and which links within the newsletters have been clicked. This analysis is carried out to improve our services and optimize our customer communication.

Legal basis:
Art. 6 (1) lit. a GDPR

You may withdraw your consent at any time with future effect, for example by using the unsubscribe link included in every newsletter or by contacting us directly.

(2) Customer Information and Automated Service Emails

For the performance of existing contractual relationships and for customer support purposes, we send automated emails where this is necessary for contract fulfillment or based on our legitimate interest in providing customer-friendly communication.

Such emails may include, in particular:

• Payment reminders for advance payment orders
• Notifications regarding delivery delays
• Reminders about expiring vouchers or coupons
• Requests for product reviews
• Invitations to submit shop reviews
• Customer reactivation and win-back campaigns
• Payment reminders and notifications regarding outstanding balances
• Reward vouchers for submitting reviews

For these purposes, we may process your name, email address, order information, and, where applicable, information relating to previous orders.

Legal bases:

• Art. 6 (1) lit. b GDPR (performance of a contract)
• Art. 6 (1) lit. f GDPR (legitimate interest in customer service, customer retention, and quality improvement)
• Art. 6 (1) lit. a GDPR where consent is required

(3) Mailing System

Newsletters and automated emails are sent using the MailBeez system operated on our own servers. Personal data processed for these purposes is not transferred to external newsletter service providers.

All related data is processed exclusively on servers located in Germany.

Section 9 Comments and Reviews

Comments

If you submit comments, your information will be processed for publication.

Legal basis:

Article 6(1)(f) GDPR

You may request deletion at any time.

Shop Reviews (SHOPVOTE)

For the collection and display of reviews, we cooperate with:

SHOPVOTE – Blickreif GmbH
Alter Messeplatz 2
80339 Munich
Germany

In particular, the following data may be processed:

• E-mail address

• Order number

• Order date

To display reviews, content may be loaded from SHOPVOTE. This may result in the transmission of technical data (e.g. IP address) to SHOPVOTE.

Legal basis:

Article 6(1)(f) GDPR

Section 10 Cookies and Consent Management

Our website uses cookies and comparable technologies.

We distinguish in particular between:

• Technically necessary cookies

• Statistics and analytics cookies

• Marketing cookies

Non-essential cookies and comparable technologies are only used with your explicit consent.

We use a consent management system to manage your consent preferences.

The system stores which consents have been granted or withdrawn in order to ensure legally compliant management of cookies and external services.

You may change or withdraw your consent at any time via the "Cookie Settings" on our website.

Legal basis:

• Article 6(1)(a) GDPR

• Section 25(1) TDDDG

Technically necessary cookies are processed on the basis of:

• Article 6(1)(f) GDPR

• Section 25(2) TDDDG

You may disable cookies in your browser at any time. This may limit the functionality of the website.

Section 11 Google Analytics 4

Subject to your consent, we use Google Analytics 4, a web analytics service provided by:

Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland

Google Analytics uses cookies and similar technologies to analyze the use of our website.

The following data may in particular be processed:

• Shortened IP address

• Device information

• Browser information

• Usage behavior

• Visited pages

• Traffic source

• Website interactions

We use Google Analytics exclusively with activated IP anonymization.

Processing is carried out solely on the basis of your consent.

A data processing agreement has been concluded with Google.

Legal basis:

• Article 6(1)(a) GDPR

• Section 25(1) TDDDG

The transfer of personal data to the United States cannot be excluded.

Google relies on the European Commission's Standard Contractual Clauses and, where applicable, the EU-U.S. Data Privacy Framework.

Further information:

Google Privacy Policy

You may withdraw your consent at any time via the cookie settings.

Section 12 Google Ads Conversion Tracking and Google Tags

Subject to your consent, we use Google Ads Conversion Tracking and Google Tags to measure interactions and conversions.

Provider:

Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland

Cookies and similar technologies may be used to determine whether users have reached our website via Google advertisements and whether certain actions have subsequently been performed, such as completing a purchase or submitting a contact form.

The collected data is used to measure the effectiveness of our advertising campaigns and to optimize our online services.

Google may use this information to create pseudonymous usage profiles.

Processing is carried out solely on the basis of your consent.

Legal basis:

• Article 6(1)(a) GDPR

• Section 25(1) TDDDG

The transfer of personal data to the United States cannot be excluded. Google relies on the European Commission's Standard Contractual Clauses and, where applicable, the EU-U.S. Data Privacy Framework.

Further information:

Google Privacy Policy

Section 13 Disclosure of Data

Personal data is disclosed only where:

• it is necessary for the performance of a contract,

• required by law, or

• you have expressly consented.

For the delivery of your order, we transmit the necessary personal data (in particular name, delivery address and, where applicable, e-mail address or telephone number) to the shipping service providers commissioned by us.

These include in particular:

• DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany

• Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany

• Hermes Germany GmbH, Essener Straße 89, 22419 Hamburg, Germany

The transfer is carried out exclusively for the purpose of contract fulfillment and delivery of your order.

Legal basis:

Article 6(1)(b) GDPR

Section 14 Storage Period

Personal data is stored only for as long as necessary for the respective processing purpose or as required by statutory retention obligations.

Section 15 Your Rights

You have the following rights:

• Right of access (Article 15 GDPR)

• Right to rectification (Article 16 GDPR)

• Right to erasure (Article 17 GDPR)

• Right to restriction of processing (Article 18 GDPR)

• Right to data portability (Article 20 GDPR)

• Right to withdraw consent (Article 7(3) GDPR)

• Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

Section 16 Right to Object (Article 21 GDPR)

You have the right to object at any time to the processing of your personal data where such processing is based on Article 6(1)(f) GDPR.

In the case of direct marketing, you may object at any time without providing reasons.

Section 17 Supervisory Authority

Saxon Data Protection and Transparency Commissioner
Devrientstraße 5
01067 Dresden
Germany

Website:
https://www.datenschutz.sachsen.de

Last updated: May 2026