Privacy Policy
1) Introduction and Contact Details of the Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data includes all data by which you can be personally identified.
1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Tripstix GmbH, Blaichacherstr. 6, 87545 Burgberg i. Allgäu, Germany, Tel.: +49-178-5231117, Email: info@tripstix.de. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.
2) Data Collection When Visiting Our Website
2.1 When you use our website for informational purposes only, we only collect data that your browser transmits to our server (server log files):
- Visited website
- Date and time of access
- Data volume transmitted
- Referrer URL
- Browser used
- Operating system used
- IP address (possibly anonymized)
The processing is based on our legitimate interest in improving stability and functionality (Art. 6(1)(f) GDPR). We do not use or disclose the data otherwise, unless required by law.
2.2 For security and confidentiality (e.g., orders, inquiries), we use SSL/TLS encryption. A secure connection is indicated by "https://" and a lock icon in your browser's address bar.
3) Hosting & Content Delivery Network
Our website is hosted on servers within the EU by a provider offering exclusively EU-based infrastructure. All collected data is processed on these servers under a data processing agreement.
4) Cookies
We use cookies for website functionality and preferences. Session cookies are deleted on browser close; persistent cookies store settings longer. You can configure your browser to manage cookie acceptance. Refusal of cookies may limit website functionality.
Processing of personal data via cookies is based on:
- Art. 6(1)(b) GDPR for contract execution
- Art. 6(1)(a) GDPR if consent is given
- Art. 6(1)(f) GDPR for legitimate interests in functionality and user experience
5) Contact
When contacting us (e.g., contact form, email), we process personal data solely to respond to inquiries (Art. 6(1)(f) GDPR) or to conclude a contract (Art. 6(1)(b) GDPR). Data is deleted once the matter is resolved and no legal retention obligations remain.
6) Comment Function
Comments are published with the comment, timestamp, and chosen name. We log IP addresses for security and legal defense. Your email is used only to contact you if a third party objects to your comment. Storage is based on Art. 6(1)(b),(f) GDPR.
7) Customer Account
When creating a customer account, we process personal data as required (Art. 6(1)(b) GDPR). You can delete your account anytime; data is then deleted if no contracts remain and no legal obligations or legitimate interests persist.
8) Direct Marketing
8.1 Newsletter Subscription: We use double opt-in. Mandatory: email. Consent under Art. 6(1)(a) GDPR; IP and timestamp are logged. You can unsubscribe anytime.
8.2 Back-in-Stock Notifications: Single email notification via double opt-in. Mandatory: email. Consent under Art. 6(1)(a) GDPR; IP and timestamp are logged. You can unsubscribe anytime.
9) Order Fulfillment
9.1 For delivery and payment, we share necessary data with carriers and banks (Art. 6(1)(b) GDPR).
For updates on digital goods, we use contact data to inform you (Art. 6(1)(c) GDPR).
9.2 Payment Service Providers: PayPal processes payment data under Art. 6(1)(b) GDPR. For credit checks, we forward additional personal data under Art. 6(1)(f) GDPR; you can object at any time.
10) Web Analytics
10.1 Google (Universal) Analytics: Cookie-based, IP truncated. Data stored 2 months. Processing only with consent (Art. 6(1)(a) GDPR). Consent managed via Cookie Consent Tool. Data processing agreement in place. More info: business.safety.google/intl/en/privacy/
10.2 Google Analytics 4: Similar to above; data stored 2 months; consent required; consent revocable via Cookie Consent Tool. Data processing agreement in place. More info: policies.google.com/privacy?hl=en&gl=en
Demographic Features & Cross-Device Reporting
Google Analytics (Universal & GA4) uses Demographics and Signals for age, gender, interest stats. Enhanced reports via Google Signals and UserIDs with consent (Art. 6(1)(a) GDPR). Data deleted after two months. EU-U.S. Data Privacy Framework applies for U.S. transfers.
11) Retargeting / Remarketing & Conversion Tracking
11.1 Meta Pixel with Enhanced Matching: We use Meta Pixel to create Custom Audiences and track conversions. Data shared and processed by Meta. Consent required (Art. 6(1)(a) GDPR); revocable via Cookie Consent Tool. EU-U.S. Data Privacy Framework applies.
11.2 Google Ads Remarketing: Google sets cookies for interest-based ads. Data processed only with consent; revocable via Cookie Consent Tool. EU-U.S. Data Privacy Framework applies. More info: policies.google.com/technologies/partner-sites
12) Embedded Functions
YouTube plugins transmit data (incl. IP address) to Google. Cookies may be set on video playback. If you are logged in, the data is associated with your account unless you log out. Consent required; revocable via Cookie Consent Tool. EU-U.S. Data Privacy Framework applies.
13) Tools & Miscellaneous
13.1 Cookie Consent Tool: Manages cookie consents and only loads cookies after consent. Stores preferences in necessary cookies. Legitimate interest in compliance (Art. 6(1)(f)), legal obligation (Art. 6(1)(c)).
13.2 Elasticsearch: Anonymized user/session IDs used for search functionality. Legitimate interest (Art. 6(1)(f)). Transfers under EU standard contractual clauses.
14) Data Subject Rights
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restrict processing (Art. 18 GDPR)
- Right to notification (Art. 19 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to withdraw consent (Art. 7(3) GDPR)
- Right to lodge a complaint (Art. 77 GDPR)
Objection: You may object to processing based on legitimate interests (Art. 21 GDPR) or direct marketing at any time. Processing stops unless we demonstrate compelling legitimate grounds.
15) Data Retention
Retention depends on legal basis, purpose, and statutory retention periods (e.g., commercial, tax law). Data processed under consent (Art. 6(1)(a)) is kept until withdrawal. Under contract (Art. 6(1)(b)), until expiry of retention periods. Under legitimate interest (Art. 6(1)(f)), until objection, unless compelling grounds exist. For marketing (Art. 6(1)(f)), until objection under Art. 21(2) GDPR. Otherwise, data is deleted when no longer needed.