Privacy Policy Klitschko Ventures Shop

Introduction

With the following Privacy Policy, we would like to inform you about how we process your personal data in accordance with the European General Data Protection Regulation (GDPR). The Privacy policy applies to all processing of personal data that we carry out on our website as well as the webshop of Klitschko Ventures GmbH.

Controller

Controller within the meaning of the GDPR is

KLITSCHKO Ventures GmbH

represented by: Tatjana Kiel

Winterstraße 2 22765 Hamburg

Phone: +49 40 25 499 46-0

E-Mail address: info@klitschko-ventures.com

Data Protection Officer

You can contact our Data Protection Officer as follows:

secjur GmbH

Falkensteiner Ufer 40

22587 Hamburg

Phone: +49 40/80 90 81 146

Email: dsb@secjur.com

You can contact our Data Protection Officer directly at any time with any questions or suggestions regarding data protection and the exercise of your rights.

Definition of Terms

This Privacy policy is based on the terminology of the GDPR. To simplify matters, we would like to explain some important terms in this context:

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, e.g. hosting providers, newsletter services, cloud services.

Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients.

Consent means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Controller is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of the personal data.

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

General Information

In the following, we provide you with an overview of the personal data we process. To this end, we explain to what extent, for what purposes and on what legal basis we process personal data. We also indicate - if available - which third-party providers we use to receive your data. Finally, we will inform you whether a third country transfer takes place during the respective processing by the third party provider.

The provision of your personal data is always voluntary. However, it is possible that the respective functionality will only work if you provide your information (e.g. contact form).

Origin of the data

We may obtain personal data in the following ways:

• Information provided by you: You have the option of providing information about yourself (e.g. contact details) on our website.

• Automatically collected and generated data: data is automatically collected and generated through the use of our website.

• Data collected by third parties: if we maintain a presence on social and professional networks, we may receive data from you via these networks (e.g. if you contact us via a social or professional network or respond to one of our contents shared there).

Legal basis of processing

The processing of your personal data may be based on the following legal bases:

• Art. 6(1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing.

• If the processing of personal data is necessary for the fulfilment of a contract to which you are a party, the processing is based on Art. 6(1)(b) GDPR. The same applies to processing operations that are necessary for the performance of pre-contractual measures.

• If we are subject to a legal obligation that requires the processing of personal data, the processing is based on Art. 6(1)(c) GDPR in conjunction with the respective standard from which the obligation arises.

• Processing operations may also be based on Art. 6(1)(f) GDPR. Processing operations are based on this legal basis if the processing is necessary for the purposes of the legitimate interests pursued by us, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

Recipients

Your personal data will only be passed on within our enterprise to those departments that need it to fulfil the stated purposes. We will not pass on your personal data to third parties without your consent, unless this is permitted by law (e.g. because this is necessary for the fulfilment of the contract).

As part of our processing of personal data, personal data may be transferred to other recipients or disclosed to them. The recipients of this personal data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your personal data that serve to protect your personal data.

Transfer to third countries

Insofar as we transfer personal data to a third country for processing, we ensure compliance with Art. 44 et seq. GDPR, i.e. before each transfer of personal data to third parties in a country outside the EU or the EEA (Norway, Iceland, Liechtenstein), we check how an adequate level of protection can be guaranteed. An adequate level of protection can be ensured, among other things, by the existence of an adequacy decision by the EU Commission, by the fact that we have concluded standard data protection clauses with the recipient and have taken further additional measures or by the fact that the third country transfer is permitted under other guarantees regulated in Art. 46 et seq. GDPR. If the data transfer takes place on the basis of Art. 46, 47 or 49(1) GDPR, you can obtain a copy of the guarantees for the existence of an adequate level of data protection with regard to the data transfer or a reference to the availability of a copy of the guarantees from us. Please contact us for this purpose.

Erasure of data

The personal data processed by us will be deleted in accordance with the legal requirements as soon as the consent given for processing is revoked or other authorisations cease to apply (e.g. if the purpose for processing this personal data no longer applies or it is not required for the purpose). If the personal data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted to these purposes. This means that the personal data is blocked and not processed for other purposes. This applies, for example, to personal data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise or defence of legal claims or to protect the rights of another natural or legal person.

Our data protection information also contains further information on the retention and erasure of personal data, which take priority for the respective processing operations.

Provision of the Website

If you use this website for purely informational purposes without transmitting data to us in any other way (e.g. by registering or using the contact form), we collect technically necessary data via server log files, which are automatically transmitted to our server, among other things:

Date and time of access, IP address, host name of the accessing computer, website from which the website was accessed, websites accessed via the website, pages visited on our website, amount of data transferred, information about the browser type and version used, operating system, access status (e.g., whether the website could be accessed without problems or whether you received an error message), use of website functions, search terms entered, frequency of access to individual web pages, other websites that you visit from this website, either by clicking on a link on this website or by directly entering the domain in the input bar in the same window of your browser.

The temporary storage of the data is necessary for the course of a website visit in order to be able to display our website to you. This processing is technically necessary to ensure the functionality of the website and the security of the information technology systems. The legal basis for the processing is therefore Art. 6(1)(f) GDPR in order to guarantee the provision, security and stability of our website.

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. When providing the website, this is usually the case after the end of the respective session. Log data is processed exclusively for administrative and security-related purposes and is only stored for as long as is necessary to maintain technical operations and detect misuse; it is then deleted.

Our webshop is provided by Shopify, a service of Shopify International Ltd, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

We have concluded a Data Processing Agreement with the provider. This is a contract required by data protection law that ensures that the provider will only process your personal data in accordance with our instructions and in compliance with the GDPR. Personal data may be transferred to Canada. The European Commission has issued an Adequacy Decision for Canada in accordance with Art. 45 (3) GDPR. On the basis of this decision, data transfers to locations in Canada are permissible.

Further information on data processing by Shopify can be found at Shopify Privacy Policy - Shopify Germany.

Customer Account

If you wish, you can create a customer account, which allows us to store your data for future purchases. However, you can also place an order as a guest without registering. When you create a customer account, the personal data you provide, such as your email address, name, and address, will be stored revocably. During registration and subsequent logins and use of the customer account, we also store your IP address and the times of access in order to verify registration and prevent any misuse of the customer account.

The legal basis for this is Art. 6 (1) (b) GDPR, as the aforementioned processing is necessary to provide you with your customer account, in which you can, for example, view your order history, reorder items, and process your returns. Data processing is limited to personal data that is necessary to fulfill the scope of services agreed in our General Terms and Conditions, in particular the provision of the customer account.

You can delete your data, including your customer account, in the customer area at any time. If you have canceled your customer account, the data relating to the customer account will be deleted, with the exception of order data, which must be retained for legal reasons.

Contact via Email

You have the option of contacting us by email. When you contact us and we respond to your inquiry, we process at least your email address and, if applicable, other personal data that you provide to us in this context.

If you contact us within the framework of an existing contractual relationship or contact us in advance for information about our range of services or our other services, the personal data you provide will be processed for the purpose of processing and responding to your contact request in accordance with Art. 6 (1) (b) GDPR. Furthermore, the processing is carried out to protect our legitimate interests pursuant to Art. 6 (1) (f) GDPR in responding appropriately to customer/contact inquiries.

We will delete your personal data as soon as it is no longer necessary for the purpose for which it was collected. In the context of contact requests, this is generally the case when it is clear from the circumstances that the specific matter has been conclusively dealt with.

Processing of Orders via the Webshop

When you use our webshop, we collect your personal data, including your email address, first and last name, and billing or delivery address, for the purpose of recording and processing your orders. This data is used to process your order and fulfill our contractual obligations. Mandatory information required for the execution of contracts is marked separately; further information is voluntary.

The legal basis is Art. 6 (1) (b) GDPR, as the aforementioned processing is necessary to process your order and to fulfill the purchase contract with you.

We are required by commercial and tax law to store your address, payment, and order data for a period of ten years.

Express-Checkout via PayPal or Google Pay

If you use express checkout with PayPal or Google Pay, payment will be processed by the respective payment service provider. The personal data required for the payment process will be transmitted directly to the selected provider. This includes, in particular, your name, email address, billing and delivery address, and payment information.

When you use express checkout, the data stored with the respective payment service provider is transmitted to us in order to complete the order process. It is not necessary to enter the data again in our shop. We only receive the information that is necessary to execute and process the order.

The processing of personal data is carried out for the purpose of payment processing and to fulfill the contract in accordance with Art. 6 (1) lit. b GDPR. Further data processing is carried out under the responsibility of the respective payment service provider.

Further information on data processing by Google Pay can be found in the Privacy Policy of Google.

Payment service providers

We offer various payment methods. Depending on your selection, your data will be processed by the respective payment service provider for the purpose of payment processing. The legal basis is Art. 6(1)(b) GDPR (performance of a contract).

The processed data includes, in particular, payment data (e.g. amount, recipient, account details, credit card details), transaction data and other information associated with payment processing.

The following applies to the processing of personal data in the context of payment processing:

• We as the operator of this online shop are responsible for collecting and forwarding your data to the payment service provider you have selected.

• After the transfer, the respective payment service provider is an independent controller within the meaning of Art. 4 (7) GDPR. It is responsible for deciding on the purposes and means of further processing (e.g. credit checks, legal verification obligations under the Money Laundering Act, fraud prevention). A processor within the meaning of Art. 28 GDPR does not exist.

Information on data processing by the respective payment service provider can be found in their Privacy policy.

The following payment service providers may be used in the context of payment processing:

PayPal

If you decide to pay via PayPal as part of your order process, the payment data you enter will be transmitted to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

In addition, we integrate a PayPal button (Express Checkout/quick purchase function) on our website. When this button is loaded, your browser establishes a direct connection to PayPal's servers before you make a payment decision. PayPal receives technical information (in particular your IP address, browser type, and the date and time of the request). The loading of the button and the associated data transfer take place exclusively on the basis of your prior consent (Section 25 (1) TDDDG in conjunction with Art. 6 (1) lit. a GDPR). The button will not be loaded without your consent. You can revoke your consent at any time with future effect by adjusting your cookie settings on our website. The legality of the processing carried out until revocation remains unaffected by this.

The personal data may also be transferred to the USA. The European Commission has issued an adequacy decision pursuant to Art. 45 (3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations based in the USA that are certified accordingly are permitted. PayPal is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards.

Further information on data processing by PayPal can be found in PayPal's privacy policy.

Apple Pay

If you choose Apple Pay as your payment method during the ordering process, your personal data will be processed by Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, for the purpose of processing the payment. For more information about data processing by Apple Pay, please refer to Apple's Privacy Policy.

Google Pay

If you choose Google Pay as a payment method during the ordering process, the processing of personal data is carried out by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for the purpose of processing the payment. Further information on data processing by Google Pay can be found in Google's Privacy policy.

Payment by credit card (VISA, Mastercard, American Express)

If you choose to pay by credit card, we will process the personal data required for payment processing. This includes, in particular, your name, billing address, amount, currency, and credit card information (card number, expiration date, and security code).

Payment processing is carried out by an external payment service provider. The credit card data is processed exclusively by the respective payment service provider and is not stored by us. We only receive information about whether the payment was successful or unsuccessful.

Cookies

Consent-Management-Tool (Cookie-Banner)

We use a consent management tool or a so-called cookie banner on our website to obtain and document the legally required consent for the use of cookies and comparable technologies. When you visit our website or a sub-website for the first time and it contains cookies, the cookie banner is displayed to you.

Our cookie banner informs you about the specific cookies we use. In addition, we give you the opportunity to decide whether you want to consent to the setting of non-essential cookies. You can also allow us to use non-essential cookies and cancel this decision there. The following data is processed:

• Usage data (e.g. websites visited, time of access)

• Meta and communication data (e.g. IP address)

The legal basis for the use of the cookie banner is Art. 6(1)(f) GDPR. We have an overriding legitimate interest in using the cookie banner, which enables us to obtain the legally required consent for the use of non-essential cookies and to fulfil our obligation to provide information regarding cookies. The cookie banner stores the preferences until you reset or customise them.

General Information on Cookies

We use cookies on our website. These are text files that your browser automatically creates and that are stored on your IT system when you visit our website. Through cookies, certain information flows to the location that sets the cookie. By using cookies, it is not possible to execute programmes or transfer viruses to your end device.

If you do not wish to use cookies, you can switch them off in the settings.

From a legal perspective, a distinction must be made between necessary and non-necessary cookies.

Necessary cookies

We use necessary cookies. These are cookies that are technically necessary to provide all the functions of our website. The legal basis for data processing is our legitimate interests within the meaning of Art. 6(1)(f) GDPR. We have an overriding legitimate interest in being able to offer our website in a technically flawless manner. The legal basis for the use of cookies vis-à-vis our contractual partners who make use of services contractually owed by us via our website is Art. 6(1)(b) GDPR, the provision of our contractual services.

Non-necessary Cookies

We also use non-essential cookies (e.g. analysis and marketing cookies). These are cookies that are not technically necessary. We use them to understand your behaviour on our website and to improve our services. The legal basis for data processing is your consent in accordance with Art. 6(1)(a) GDPR. The cookies are only set after you have given your consent via our "cookie banner".

Storage duration of cookies

A distinction is made between the following types of cookies with regard to the storage period:

Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online service and closed their end device (e.g. browser or mobile application).

Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved or favourite content can be displayed directly when the user visits a website again. The user data collected with the help of cookies can also be used to measure reach. If we do not provide users with explicit information on the type and storage duration of cookies (e.g. when obtaining consent), users should assume that cookies are permanent and can be stored for up to two years.

For further information, in particular on the individual cookies used, please refer to the information we provide in the cookie banner.

Your rights as a data subject

As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR. If you wish to exercise any of your rights, please contact us using the contact addresses provided above or our Data Protection Officer.

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Right of access

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and, where that is the case, access to the personal data and further information and a copy of the personal data in accordance with the legal requirements.

Right to rectification

In accordance with the legal requirements, you have the right to request the completion of personal data concerning you or the rectification of inaccurate personal data concerning you.

Right to erasure and restriction of processing

You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds provided for by law applies and insofar as the processing or storage is not necessary.

Restriction of processing

You have the right to obtain from us the restriction of processing if one of the legal requirements is met.

Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format in accordance with the legal requirements or to request that it be transferred to another controller.

Right to withdraw consent

You have the right to withdraw your consent at any time.

Complaint to the supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the provisions of the GDPR.

Amendment and updating of the Privacy policy

We will adapt the Privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

If we further develop our website and our offers or if legal or official requirements change, it may be necessary to amend this data protection notice. You can access the current data protection information at any time here.

Status: March 2026