Privacy Policy

This privacy policy provides an overview of how we process your personal data when you visit our website or contact us. Personal data refers to any information that relates to an identified or identifiable natural person.

---

Controller

Reviva GmbH
Albert-Schweitzer-Str. 10
82008 Unterhaching
Germany
Email: info@reviva.de

---

Server Log Files

When you visit our website, information is automatically transmitted by your browser and stored in server log files. This includes:

• Visited page

• Date and time of access

• Data volume transferred

• Browser used

• IP address

• Requesting provider

Legal basis: Art. 6 (1)(f) GDPR (legitimate interest in stable and secure website operation)

---

Contacting Us

By Email or Contact Form:
We collect your details (name, email address, message) solely for the purpose of processing your inquiry.

Legal bases:

• Art. 6 (1)(b) GDPR for contract-related inquiries

• Art. 6 (1)(f) GDPR for general inquiries

You have the right to object to the processing based on your particular situation at any time.

---

Customer Account & Orders

Customer Account:
Data is processed to simplify order handling.
Legal basis: Art. 6 (1)(a) GDPR (consent)

Orders:
Data is processed to fulfill contractual obligations.
Legal basis: Art. 6 (1)(b) GDPR

Data Sharing: With shipping providers, payment services, IT providers, etc., only to the extent necessary and in compliance with the GDPR.

---

Reviews & Newsletters

Reviews/Comments:
Your data is processed to display reviews.
Legal basis: Art. 6 (1)(a) GDPR (consent, revocable at any time)

Newsletter:
Sent only with your explicit consent.
Legal basis: Art. 6 (1)(a) GDPR (consent, revocable at any time)

Newsletters are sent via an email marketing provider under a processing agreement. No data is shared with third parties.

---

Merchandise Management System

We use a merchandise management system operated by:
Plenty One GmbH, Johanna-Waescher-Straße 7, 34131 Kassel
Legal basis: Art. 6 (1)(b) GDPR

---

Payment Providers

Klarna

When using Klarna Bank AB (Sveavägen 46, 111 34 Stockholm, Sweden), your data is transferred for payment processing.

Legal bases:

• Art. 6 (1)(b) GDPR (contract performance)

• Art. 6 (1)(f) GDPR (legitimate interest in payment security)

Credit check: For certain methods (e.g., invoice, installment), Klarna may use credit agencies. You may object to this processing.

More info: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy

Ratepay

When using Ratepay GmbH (Ritterstr. 12-14, 10969 Berlin), your data is processed for payment purposes.

Legal bases:

• Art. 6 (1)(b) GDPR

• Art. 6 (1)(f) GDPR

Credit check: Possible for specific payment methods. Objection rights apply.

More info: https://www.ratepay.com/

---

Rights of Data Subjects

You have the following rights under the GDPR:

• Access (Art. 15)

• Rectification (Art. 16)

• Erasure (Art. 17)

• Restriction of processing (Art. 18)

• Data portability (Art. 20)

• Objection to processing (Art. 21)

• Withdrawal of consent (Art. 7(3))

• Complaint to a supervisory authority (Art. 77)

Contact for data protection inquiries:
Email: info@reviva.de

---

Use of SOFORT

We use SOFORT GmbH (Theresienhöhe 12, 80339 Munich, Germany), part of Klarna Group, for payment processing.

Legal basis: Art. 6 (1)(b) GDPR

More information:

• https://www.sofort.com/1.0/shared/content/legal/terms/de-DE/SOFORT/

• https://www.klarna.com/sofort/

---

Data Sharing with Third Parties

Data may be shared under legal obligations or to fulfill contracts with:

• Authorities (e.g., tax offices)

• External consultants (lawyers, auditors, collection agencies, credit checks)

• Shipping providers (e.g., UPS, DHL, Deutsche Post)

• Payment services:

  • PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg

  • Klarna AB, Sweden

  • Amazon Payments Europe, Luxembourg

  • Apple Distribution International, Ireland

  • Shopify Payments, Canada

  • Google Pay, Ireland

---

Shopify E-Commerce Platform

Our website is hosted by Shopify Inc., 126 York Street, Suite 200, Ottawa, ON, Canada. Data may be stored in Canada or other third countries. Transfers comply with the GDPR via Binding Corporate Rules or EU adequacy decisions.

More info: https://www.shopify.com/legal/privacy

---

Cookies

We use cookies to provide functionality and services. You may disable or delete cookies via your browser:

• Chrome: https://support.google.com/accounts/answer/61416?hl=en

• Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-63947406

• Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

• Safari: https://support.apple.com/en-us/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Legal basis for essential cookies: § 25 (2) TTDSG and Art. 6 (1)(f) GDPR

---

Analytics & Advertising

Hotjar

We use Hotjar (Hotjar Ltd., Malta) to analyze user behavior pseudonymously (clicks, scrolls). IP addresses are anonymized. Data may be transferred to third countries with safeguards.

Details: https://www.hotjar.com/legal/policies/privacy
Cookies: https://help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookies

Legal basis: Consent (Art. 6 (1)(a) GDPR / § 25 (1) TTDSG)

Meta Pixel (Facebook & Instagram)

Used for targeted advertising. Data is jointly processed with Meta (Meta Platforms Ireland Ltd.).

Agreement: https://de-de.facebook.com/legal/terms/businesstools
Meta is certified under the TADPF.
Consent can be revoked at any time.

More info: https://www.facebook.com/about/privacy

Google Ads Conversion Tracking

We use this tool (Google Ireland Ltd.) to track conversions. Cookies are used with limited lifespan. Google is TADPF-certified.

More info: https://www.google.com/policies/privacy/
Legal basis: Consent (Art. 6 (1)(a) GDPR / § 25 (1) TTDSG)

Google Remarketing & Similar Audiences

Used for personalized advertising. No personal data is stored. Data may be transferred to the U.S. under TADPF safeguards.

More info: https://www.google.com/privacy/ads/

---

Plugins and Third-Party Services on reviva.de

Google Tag Manager

Used to manage tracking/analytics tags. Does not process personal data directly.

More info: Google Tag Manager Terms of Service and Privacy Policy

YouTube

We embed videos via YouTube (Google Ireland). We use the “privacy-enhanced mode,” meaning no data is collected unless the video is played.

Legal basis: Consent (Art. 6 (1)(a) GDPR / § 25 (1) TTDSG)
YouTube is certified under TADPF.
Consent may be withdrawn at any time.

More info: YouTube Privacy Policy

---

Additional Services Used

---

Data Retention

We store your data as long as legally required (e.g., tax, commercial law). After that, data is deleted unless further consent exists.

---

Supervisory Authority

If you wish to file a complaint, contact:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 27
91522 Ansbach
📞 Phone: +49 981 53 1300
📠 Fax: +49 981 53 98 1300
📧 Email: poststelle@lda.bayern.de
🌐 Website: www.lda.bayern.de

---

Last updated: May 1, 2025