The protection of your personal data is important to us. This privacy policy informs you which personal data we collect when you use our website and how we process it — in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
1. Data controller
The controller responsible for data processing on this website is:
Handyjunkies GmbH
Torstraße 130
10119 Berlin
Germany
Email: info@openboxberlin.de
2. Server log files
When you access our website, the following technical data is automatically recorded by the web server in log files:
- IP address (anonymised after 7 days)
- Date and time of access
- Page / file accessed
- Browser and operating system used
- Amount of data transferred and HTTP status code
These data are used to ensure the operation and IT security of the website and for error analysis. The data are not combined with other data sources.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in the secure operation of the website).
Retention period: Maximum 7 days.
Data processor: Hostinger International Ltd. (Cyprus, EU). A data processing agreement under Art. 28 GDPR is in place.
3. Cookies
Our website uses cookies and similar technologies organised into four categories. On your first visit, you are asked via a banner which categories you wish to allow. Only technically necessary cookies are set without your consent.
3.1 Necessary cookies
These cookies are essential for the operation of the website (cart, session, protection against attacks) and cannot be disabled. The following necessary cookies are set:
- PHPSESSID: Session ID to identify the browser during the session. Deleted when the browser is closed.
- CSRF token: Protection against Cross-Site Request Forgery attacks. Deleted when the browser is closed.
- cart: Stores the contents of your shopping cart. Deleted when the browser is closed.
Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance) or § 25 para. 2 no. 2 TTDSG (strictly necessary).
3.2 Preferences
These cookies store your settings such as language or region to make your visit more comfortable. They are only set with your consent.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent) and § 25 para. 1 TTDSG.
3.3 Statistics
These cookies help us understand how visitors use the website. We use Google Analytics 4 for this purpose (see section 8). They are only set with your consent.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent) and § 25 para. 1 TTDSG.
3.4 Marketing
These cookies are used to deliver relevant advertising and to measure conversion events (Google Ads, see section 8). They are only set with your consent.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent) and § 25 para. 1 TTDSG.
3.5 Storage of your consent
Your consent is stored locally in your browser under the key "ob_consent_v1" (localStorage). The consent is valid for 12 months; after that you will be asked again. No personal data is transmitted to our servers.
3.6 Withdrawing consent
You can withdraw or adjust your consent at any time via the "Cookie settings" link in the footer of this website. The change takes effect immediately.
4. Orders
When you place an order with us, we process the following personal data:
- Name, email address, phone number
- Delivery address (for shipping)
- Order information (products, quantities, prices)
- Payment information (processed directly by Stripe — see section 6)
Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance) and Art. 6 para. 1 lit. c GDPR (statutory retention, § 147 AO).
Retention period: 10 years according to tax retention obligations.
5. Repair requests
When you submit a repair request, we process the following data:
- Name, email address, phone number
- Device information (brand, model)
- Problem description
- Preferred appointment
Legal basis: Art. 6 para. 1 lit. b GDPR (contract initiation and performance).
Retention period: 2 years after completion of the repair.
6. Payment processing via Stripe
For payment processing, we use the Stripe service. When you make a payment, your payment data (e.g. credit card number) is transmitted directly to Stripe and processed exclusively by Stripe. We do not store credit card data ourselves.
Stripe processes your name, email address, billing address and payment information to carry out the payment and prevent fraud.
Provider: Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland
Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance).
Privacy policy: stripe.com/de/privacy
7. Google reCAPTCHA
To protect our repair form from automated spam requests, we use Google reCAPTCHA v3. In doing so, Google checks various characteristics of your interaction in the background to detect whether the request comes from a human or a bot.
Data such as your IP address, mouse movements, keystrokes and browser information are transmitted to Google and analysed.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in protection against spam and abuse).
Data transfer: Data is also transferred to Google servers in the USA. Google is certified under the EU-US Data Privacy Framework.
Privacy policy: policies.google.com/privacy · policies.google.com/terms
8. Google services with consent (Consent Mode v2)
If you have consented to the "Statistics" or "Marketing" categories, we use the following Google services. Without your consent, no cookies are set and no personal data is transmitted to Google.
We use Google Consent Mode v2: scripts load even without your consent, but they do not transmit any personal data and do not set any cookies. Full tracking is only activated after your consent.
8.1 Google Analytics 4
We use Google Analytics 4 to analyse visitor behaviour. The following are recorded: pages visited, time spent, approximate region (based on IP address, anonymised), device and browser information.
8.2 Google Ads
We use Google Ads to display advertising and to measure conversion events (e.g. completed orders). A conversion tracking cookie is set for this purpose.
8.3 Google Tag Manager
Google Tag Manager is used to manage the tags mentioned above. GTM itself does not set any cookies and does not collect any personal data, but only serves to trigger other tags.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Legal basis: Art. 6 para. 1 lit. a GDPR (consent).
Retention period: Maximum 14 months for Analytics data, 90 days for Ads conversion tracking.
Data transfer: Data may also be transmitted to Google servers in the USA. Google is certified under the EU-US Data Privacy Framework.
Privacy policy: policies.google.com/privacy
9. Transactional emails
For sending transactional emails (order confirmations, shipping notifications, repair requests) we use the SMTP server of our hosting provider Hostinger. The email contents and your email address are processed for delivery.
Provider: Hostinger International Ltd., 61 Lordou Vironos Street, 6023 Larnaca, Cyprus
Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance).
10. WhatsApp Business
On our website you will find a link to WhatsApp through which you can contact us. This happens exclusively on your own initiative. If you do not click the link, no data is transmitted to WhatsApp.
When you contact us via WhatsApp, WhatsApp Ireland Limited processes your phone number, the contents of the conversation and metadata. We recommend not sending any sensitive data via WhatsApp.
Provider: WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Legal basis: Art. 6 para. 1 lit. a GDPR (consent through active contact) and Art. 6 para. 1 lit. f GDPR (legitimate interest in customer communication).
Data transfer: WhatsApp is part of the Meta group. Data may be transferred to the USA. Meta is certified under the EU-US Data Privacy Framework.
Privacy policy: whatsapp.com/legal/privacy-policy-eea
11. Google Maps
On our contact page we provide a location map via Google Maps. However, the map is not loaded automatically: only after your explicit click on "Load map" will the map be embedded and data transmitted to Google. As long as you do not actively load the map, no data is sent to Google.
When the map is loaded, your IP address, information about your browser and device, as well as interaction data, are transmitted to Google.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Legal basis: Art. 6 para. 1 lit. a GDPR (consent through actively loading the map).
Data transfer: Data may also be transferred to Google servers in the USA. Google is certified under the EU-US Data Privacy Framework.
Privacy policy: policies.google.com/privacy
12. Your rights
You have the following rights regarding your personal data at any time:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to withdraw consent (Art. 7 para. 3 GDPR)
To exercise these rights, please contact info@openboxberlin.de.
13. Right to lodge a complaint with the supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for us is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin
Web: datenschutz-berlin.de
14. Changes to this privacy policy
We reserve the right to adapt this privacy policy if the legal situation, our services or data processing change. The current version can always be viewed on this page.